Re: [PATCH v11 2/8] pkcs7: Allow the signing algo to calculate the digest itself

Next message: Peter Zijlstra: "Re: [PATCH 0/4] Inline helpers into Rust without full LTO"
Previous message: Maxime Ripard: "Re: [PATCH 08/12] drm/bridge: imx8mp-hdmi-pvi: convert to of_drm_find_and_get_bridge()"
In reply to: David Howells: "Re: [PATCH v11 2/8] pkcs7: Allow the signing algo to calculate the digest itself"
Next in thread: David Howells: "[PATCH v11 1/8] crypto: Add ML-DSA crypto_sig support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ignat Korchagin

Date: Wed Jan 07 2026 - 09:00:01 EST

On Wed, Jan 7, 2026 at 1:53 PM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Ignat Korchagin <ignat@xxxxxxxxxxxxxx> wrote:
>
> > > + ret = -ENOMEM;
> > > + sig->digest = kmalloc(umax(sinfo->authattrs_len, sig->digest_size),
> > > + GFP_KERNEL);
> >
> > Can we refactor this so we allocate the right size from the start.
>
> The problem is that we don't know the right size until we've tried parsing it.
>
> > Alternatively, should we just unconditionally use this approach
> > "overallocating" some times?
>
> In some ways, what I'd rather do is push the hash calculation down into the
> crypto/ layer for all public key algos.

Probably better indeed

> Also, we probably don't actually need to copy the authattrs, just retain a
> pointer into the source buffer and the length since we don't intend to keep
> the digest around beyond the verification procedure. So I might be able to
> get away with just a flag saying I don't need to free it.
>
> However, there's an intermediate hash if there are authattrs, so I will need
> to store that somewhere - though that could be allocated on demand.
>
> David
>

Ignat