Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
introduced cra_reqsize field in crypto_alg struct to replace type
specific reqsize fields. It looks like this was introduced specifically
for ahash and acomp from the commit description as subsequent commits
add necessary changes in these alg frameworks.

However, this is being recommended for use in all crypto algs [1]
instead of setting reqsize using crypto_*_set_reqsize(). Using
cra_reqsize in skcipher and aead algorithms, hence, causes memory
corruptions and crashes as the underlying functions in the algorithm
framework have not been updated to set the reqsize properly from
cra_reqsize. [2]

Add proper set_reqsize calls in the skcipher and aead init functions to
properly initialize reqsize for these algorithms in the framework.

[1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/
[2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b

Fixes: afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
Signed-off-by: T Pratham <t-pratham@ti.com>
---

Found this while developing TI DTHEv2 crypto driver. I narrowed that
these crashes in [2] are due to some upstream change and not my code as
the same driver is working fine in our internal 6.12 LTS version (with
daily CI builds not showing any regression from crypto subsystem). The
*only* change is replacing crypto_skcipher_set_reqsize() with
cra_reqsize in algorithms as this patch was introduced after 6.12.

Now, these crashes were not caught earlier because [3] split the
in-kernel self-tests into two configs (CRYPTO_SELFTESTS and
CRYPTO_SELFTESTS_FULL) which went unnoticed in my local development flow
and the CRYPTO_SELFTESTS_FULL config was not enabled till recently. [2]
shows after applying this patch, the driver passes all selftests
succssfully with CRYPTO_SELFTESTS_FULL=y.

[3]: https://lore.kernel.org/linux-crypto/20250612174709.26990-1-ebiggers@kernel.org/
---
 crypto/aead.c     | 1 +
 crypto/skcipher.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/crypto/aead.c b/crypto/aead.c
index 5d14b775036ee..51ab3af691af2 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -120,6 +120,7 @@ static int crypto_aead_init_tfm(struct crypto_tfm *tfm)
 	struct aead_alg *alg = crypto_aead_alg(aead);
 
 	crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY);
+	crypto_aead_set_reqsize(aead, crypto_tfm_alg_reqsize(tfm));
 
 	aead->authsize = alg->maxauthsize;
 
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index de5fc91bba267..8fa5d9686d085 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -294,6 +294,8 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
 		return crypto_init_lskcipher_ops_sg(tfm);
 	}
 
+	crypto_skcipher_set_reqsize(skcipher, crypto_tfm_alg_reqsize(tfm));
+
 	if (alg->exit)
 		skcipher->base.exit = crypto_skcipher_exit_tfm;
 
-- 
2.43.0

On Tue, Oct 07, 2025 at 07:27:51PM +0530, T Pratham wrote:
> Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
> introduced cra_reqsize field in crypto_alg struct to replace type
> specific reqsize fields. It looks like this was introduced specifically
> for ahash and acomp from the commit description as subsequent commits
> add necessary changes in these alg frameworks.
> 
> However, this is being recommended for use in all crypto algs [1]
> instead of setting reqsize using crypto_*_set_reqsize(). Using
> cra_reqsize in skcipher and aead algorithms, hence, causes memory
> corruptions and crashes as the underlying functions in the algorithm
> framework have not been updated to set the reqsize properly from
> cra_reqsize. [2]
> 
> Add proper set_reqsize calls in the skcipher and aead init functions to
> properly initialize reqsize for these algorithms in the framework.
> 
> [1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/
> [2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b
> 
> Fixes: afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
> Signed-off-by: T Pratham <t-pratham@ti.com>
> ---
> 
> Found this while developing TI DTHEv2 crypto driver. I narrowed that
> these crashes in [2] are due to some upstream change and not my code as
> the same driver is working fine in our internal 6.12 LTS version (with
> daily CI builds not showing any regression from crypto subsystem). The
> *only* change is replacing crypto_skcipher_set_reqsize() with
> cra_reqsize in algorithms as this patch was introduced after 6.12.
> 
> Now, these crashes were not caught earlier because [3] split the
> in-kernel self-tests into two configs (CRYPTO_SELFTESTS and
> CRYPTO_SELFTESTS_FULL) which went unnoticed in my local development flow
> and the CRYPTO_SELFTESTS_FULL config was not enabled till recently. [2]
> shows after applying this patch, the driver passes all selftests
> succssfully with CRYPTO_SELFTESTS_FULL=y.
> 
> [3]: https://lore.kernel.org/linux-crypto/20250612174709.26990-1-ebiggers@kernel.org/
> ---
>  crypto/aead.c     | 1 +
>  crypto/skcipher.c | 2 ++
>  2 files changed, 3 insertions(+)

Thanks.  I've applied the skcipher part of your patch.

Please repost the AEAD part as a separate patch.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On 08/10/25 13:45, Herbert Xu wrote:
> On Tue, Oct 07, 2025 at 07:27:51PM +0530, T Pratham wrote:
>> Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
>> introduced cra_reqsize field in crypto_alg struct to replace type
>> specific reqsize fields. It looks like this was introduced specifically
>> for ahash and acomp from the commit description as subsequent commits
>> add necessary changes in these alg frameworks.
>>
>> However, this is being recommended for use in all crypto algs [1]
>> instead of setting reqsize using crypto_*_set_reqsize(). Using
>> cra_reqsize in skcipher and aead algorithms, hence, causes memory
>> corruptions and crashes as the underlying functions in the algorithm
>> framework have not been updated to set the reqsize properly from
>> cra_reqsize. [2]
>>
>> Add proper set_reqsize calls in the skcipher and aead init functions to
>> properly initialize reqsize for these algorithms in the framework.
>>
>> [1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/
>> [2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b
>>
>> Fixes: afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
>> Signed-off-by: T Pratham <t-pratham@ti.com>
>> ---
>>
>> Found this while developing TI DTHEv2 crypto driver. I narrowed that
>> these crashes in [2] are due to some upstream change and not my code as
>> the same driver is working fine in our internal 6.12 LTS version (with
>> daily CI builds not showing any regression from crypto subsystem). The
>> *only* change is replacing crypto_skcipher_set_reqsize() with
>> cra_reqsize in algorithms as this patch was introduced after 6.12.
>>
>> Now, these crashes were not caught earlier because [3] split the
>> in-kernel self-tests into two configs (CRYPTO_SELFTESTS and
>> CRYPTO_SELFTESTS_FULL) which went unnoticed in my local development flow
>> and the CRYPTO_SELFTESTS_FULL config was not enabled till recently. [2]
>> shows after applying this patch, the driver passes all selftests
>> succssfully with CRYPTO_SELFTESTS_FULL=y.
>>
>> [3]: https://lore.kernel.org/linux-crypto/20250612174709.26990-1-ebiggers@kernel.org/
>> ---
>>  crypto/aead.c     | 1 +
>>  crypto/skcipher.c | 2 ++
>>  2 files changed, 3 insertions(+)
> 
> Thanks.  I've applied the skcipher part of your patch.
> 
> Please repost the AEAD part as a separate patch.
> 
> Cheers,

Sent.
https://lore.kernel.org/linux-crypto/20251008100117.808195-1-t-pratham@ti.com/T/#u

-- 
Regards
T Pratham <t-pratham@ti.com>