From: Salvatore Mesoraca
To: linux-kernel@vger.kernel.org
Cc: kernel-hardening@lists.openwall.com, linux-crypto@vger.kernel.org, "David S. Miller", Herbert Xu, Kees Cook, Salvatore Mesoraca, Eric Biggers
Subject: [v3] crypto: ctr - avoid VLA use
Date: Fri, 30 Mar 2018 10:53:26 +0200
Message-Id: <1522400006-8859-1-git-send-email-s.mesoraca16@gmail.com>

All ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw requires 16 bytes alignment for the block buffer.

We avoid 2 VLAs[1] by always allocating 16 bytes with 16 bytes alignment, unless the architecture supports efficient unaligned accesses. We also check the selected cipher at instance creation time; if it doesn't comply with these limits, we fail the creation.

[1] https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Salvatore Mesoraca

--- crypto/ctr.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/crypto/ctr.c b/crypto/ctr.c index 854d924..49c469d 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -21,6 +21,9 @@ #include #include +#define MAX_BLOCKSIZE 16 +#define MAX_ALIGNMASK 15 + struct crypto_ctr_ctx { struct crypto_cipher *child; }; 
@@ -58,7 +61,7 @@ static void crypto_ctr_crypt_final(struct blkcipher_walk *walk, unsigned int bsize = crypto_cipher_blocksize(tfm); unsigned long alignmask = crypto_cipher_alignmask(tfm); u8 *ctrblk = walk->iv; - u8 tmp[bsize + alignmask]; + u8 tmp[MAX_BLOCKSIZE + MAX_ALIGNMASK]; u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; @@ -106,7 +109,7 @@ static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, unsigned int nbytes = walk->nbytes; u8 *ctrblk = walk->iv; u8 *src = walk->src.virt.addr; - u8 tmp[bsize + alignmask]; + u8 tmp[MAX_BLOCKSIZE + MAX_ALIGNMASK]; u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); do { @@ -206,6 +209,14 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) if (alg->cra_blocksize < 4) goto out_put_alg; + /* Block size must be <= MAX_BLOCKSIZE. */ + if (alg->cra_blocksize > MAX_BLOCKSIZE) + goto out_put_alg; + + /* Alignmask must be <= MAX_ALIGNMASK. */ + if (alg->cra_alignmask > MAX_ALIGNMASK) + goto out_put_alg; + /* If this is false we'd fail the alignment of crypto_inc. */ if (alg->cra_blocksize % 4) goto out_put_alg; -- 1.9.1
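
Review bot: In the first hunk, `MAX_ALIGNMASK` is defined unconditionally as 15 and both `tmp` buffers are always sized `MAX_BLOCKSIZE + MAX_ALIGNMASK`, yet the changelog says the 16-byte alignment applies "unless the architecture supports efficient unaligned accesses". Nothing in the diff makes that distinction. Either drop that clause from the commit message or make the define conditional, so the description matches the code. The two names are also very generic for file-local macros; a `CTR_` prefix, or a shared crypto header if other templates need the same bound, would avoid collisions.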
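
Review bot: In crypto_ctr_crypt_final() and crypto_ctr_crypt_inplace(), `keystream` is still derived with `PTR_ALIGN(tmp + 0, alignmask + 1)` from the runtime alignmask, so the fixed-size `tmp` is only large enough because crypto_ctr_alloc() now rejects anything above the two limits. That dependency is invisible at the declaration. A one-line comment above `u8 tmp[MAX_BLOCKSIZE + MAX_ALIGNMASK];` pointing at the instance-creation check would stop a later change from relaxing the check without resizing the buffers.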
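
Review bot: In crypto_ctr_alloc(), the two new comments ("Block size must be <= MAX_BLOCKSIZE." and "Alignmask must be <= MAX_ALIGNMASK.") restate the condition instead of giving the reason, unlike the neighbouring crypto_inc comment. Say why: the on-stack keystream buffers in the crypt paths are sized from these constants, so a cipher exceeding them would overrun the buffer. It is also worth confirming that the error code in effect at `goto out_put_alg` is the intended one for these rejections, since the hunk does not show it being set.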