Date: Tue, 13 Mar 2018 12:39:03 -0500
From: "Serge E. Hallyn"
To: Tycho Andersen
Cc: David Howells, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, James Morris, "Serge E. Hallyn"
Subject: Re: [PATCH 2/2] dh key: get rid of stack array allocation
Message-ID: <20180313173903.GA19174@mail.hallyn.com>
In-Reply-To: <20180313042907.29598-2-tycho@tycho.ws>

Quoting Tycho Andersen (tycho@tycho.ws):
> Similarly to the previous patch, we would like to get rid of stack
> allocated arrays: https://lkml.org/lkml/2018/3/7/621
>
> In this case, we can also use a malloc style approach to free the temporary
> buffer, being careful to also use kzfree to free them (indeed, at least one
> of these has a memzero_explicit, but it seems like maybe they both
> should?).
>
> Signed-off-by: Tycho Andersen
> CC: David Howells
> CC: James Morris
> CC: "Serge E. Hallyn"

Acked-by: Serge Hallyn for both, thanks.

> --- > security/keys/dh.c | 27 +++++++++++++++++++++------ > 1 file changed, 21 insertions(+), 6 deletions(-) > > diff --git a/security/keys/dh.c b/security/keys/dh.c > index d1ea9f325f94..f02261b24759 100644 > --- a/security/keys/dh.c > +++ b/security/keys/dh.c
> @@ -162,19 +162,27 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen, > goto err; > > if (zlen && h) { > - u8 tmpbuffer[h]; > + u8 *tmpbuffer; > size_t chunk = min_t(size_t, zlen, h); > - memset(tmpbuffer, 0, chunk); > + > + err = -ENOMEM; > + tmpbuffer = kzalloc(chunk, GFP_KERNEL); > + if (!tmpbuffer) > + goto err; > > do { > err = crypto_shash_update(desc, tmpbuffer, > chunk); > - if (err) > + if (err) { > + kzfree(tmpbuffer); > goto err; > + } > > zlen -= chunk; > chunk = min_t(size_t, zlen, h); > } while (zlen); > + > + kzfree(tmpbuffer); > } > > if (src && slen) { > @@ -184,13 +192,20 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen, > } > > if (dlen < h) { > - u8 tmpbuffer[h]; > + u8 *tmpbuffer; > + > + err = -ENOMEM; > + tmpbuffer = kzalloc(h, GFP_KERNEL); > + if (!tmpbuffer) > + goto err; > > err = crypto_shash_final(desc, tmpbuffer); > - if (err) > + if (err) { > + kzfree(tmpbuffer); > goto err; > + } > memcpy(dst, tmpbuffer, dlen); > - memzero_explicit(tmpbuffer, h); > + kzfree(tmpbuffer); > return 0; > } else { > err = crypto_shash_final(desc, dst); > -- > 2.15.1
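
Review bot: In the first hunk (the `if (zlen && h)` block), `kzfree(tmpbuffer)` is stronger than needed. The buffer comes from `kzalloc(chunk, GFP_KERNEL)` and is only ever passed as input to `crypto_shash_update()`, so it never holds anything but zero bytes and there is nothing sensitive to clear. Plain `kfree()` would do in both the `if (err)` branch and after the loop, which also answers the commit message's question about whether both buffers need clearing. Allocating `chunk` bytes instead of `h` is safe because every later `chunk` is `min_t(size_t, zlen, h)` taken with a smaller `zlen`, so it never exceeds the first value; a one-line comment stating that would help the next reader.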
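
Review bot: In the second hunk (the `if (dlen < h)` block), `kzfree(tmpbuffer)` appears twice, once in the `if (err)` branch and once after `memcpy(dst, tmpbuffer, dlen)`. This buffer receives the full digest from `crypto_shash_final()`, so a clearing free is the right replacement for the removed `memzero_explicit(tmpbuffer, h)`, but a single free is easier to audit: do the `memcpy` only when `err` is zero, call `kzfree(tmpbuffer)` once, then `goto err` or `return 0`. This path can now also fail with `-ENOMEM` where the stack array could not, which deserves a sentence in the commit message.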