Received: by 10.192.165.148 with SMTP id m20csp5086327imm;
        Tue, 24 Apr 2018 13:29:23 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZp6fU9h9hFbGs5cqFUC2KLBK6ScNAc1hSkMY4qMvVQ9iDclkm2e16u7LY9ipVC/SF6pspIz
X-Received: by 2002:a17:902:5502:: with SMTP id f2-v6mr1693989pli.108.1524601763695;
        Tue, 24 Apr 2018 13:29:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524601763; cv=none;
        d=google.com; s=arc-20160816;
        b=xOXN5kq+MgwQJc6+5O71uvgSaaNrINxORgdq8Cgvym/qaNJ46/Vt4pO8cZrXErCeKp
         GDZS6nJF8FoPELiqOZv738zJK1Xf0GWrZzaid0MMz+lvmajIQ/w6XkrY8h3WnT26FSgC
         0BwamdJHz6MWahqyuYR/gQXoCNMt2JXnCWhmsa3brc16N1KkB14VUVSeBscMGkwpSTth
         zLxkR8bRixfJo/65kk/pDnwlmIeIeYTlgr8m4U/X5CTm3nIAw9EhiWS2uJ0Jxr2yZLHe
         TVgsz98TgoLnu5Mub7SDX/xKKtf6NA5fTHfl7gb3GzaejfqH6UofbZpXcQbxi1/Ia7PQ
         n7Uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=zVwg/XtOp7qOT82C31VjLPjQE83Md8m19QwRBi3Aiho=;
        b=Ad4pSYedyodf+L9SiDsqaualJ5Ua1rMQEdydVzIzwWCAAKebOK7n1/ZHZ68iM2WnRb
         +7CMJwM7HfvEyme6GRLAp1qa3DMotPwzUXoavk3GCFuuO6hx8eGzmrYEULV4uhZPrfNd
         n0BAcksJ58HavkD+MZkJAn+8dVBca5PMSwHwrDCLwed/SEWzCHJQejLZnkKVBhixhHHN
         93sue57+KHo/ayujTjz28/5UdHeVpKINGQH9zD0+MlKkLUQSApTzpNQVaDK5duRGt+fX
         LdiwO9BIAJ0rkLQyjGKG4GzoWfJ6E3jZNxbKAPgUcN0YrYhgyU0RKYIYx6Iefb2y8Ccj
         oqmA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=qYqWEPrv;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u16-v6si1174486plq.398.2018.04.24.13.29.09;
        Tue, 24 Apr 2018 13:29:23 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=qYqWEPrv;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751323AbeDXU2B (ORCPT <rfc822;testajctc@gmail.com> + 99 others);
        Tue, 24 Apr 2018 16:28:01 -0400
Received: from mail-pf0-f196.google.com ([209.85.192.196]:37394 "EHLO
        mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751216AbeDXU1t (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Apr 2018 16:27:49 -0400
Received: by mail-pf0-f196.google.com with SMTP id p6so13215061pfn.4
        for <linux-kernel@vger.kernel.org>; Tue, 24 Apr 2018 13:27:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=tycho-ws.20150623.gappssmtp.com; s=20150623;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=zVwg/XtOp7qOT82C31VjLPjQE83Md8m19QwRBi3Aiho=;
        b=qYqWEPrv+Qxz/4FicZR9H9ZZwC+SZvhDCXznV2ZP8l+JF/Fehx1kscQSNSh3iMrgI3
         zjXpf5g7X+FZ/hCghJP2seL6Qlx9DYQqx+VMq/IMtX/l94LJH7weSf9fyippgRQJGqqK
         dM2KN8GDnxWhUe3DXeAnCkoiJMVVAHvTuDLo+yeX8kYMgPqDFhMMKRh9YLg09wOn/VhY
         ab/pNOZtq+3IU0yLcwWs4nxjk0srur/egM3O/1S1VNabLi5zEIgIfhbzifmIpygE4LLT
         847xsBzcYOPmohIUrhh7Zigf8y5BoWcVDYsjhay3hampbObQBimKOGt7ZNLzcdiQ9bVQ
         bHmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=zVwg/XtOp7qOT82C31VjLPjQE83Md8m19QwRBi3Aiho=;
        b=RmhnTjD9ZCAO+BYdY3GYTybI3f7CL9U0qcfHB2fDA9vF0w1oJwq6PISCFrlosPpatC
         oXMDLvNtylksc20OBxLzPUHRQjQkLDOSa6u9fj3HCf8fOZ29IUNRhOgW4lJvrLqpwmWW
         eWhxaVLrsnrunOsHV0uURz9siqghX4bS+p0WvZSPB4+aNtfSvMyaGhGRHyliidBPfRY9
         /I4HQxheTeZkgGRqA4dgBXpCAaLOaZLWgE4hv/AOQc6/Q+oX9mDB/gKCQ9L4vtLcv9Td
         WVEyRVNolNN0KKxzx6Pn8HypBoSUyYGslxiICLJiUZkz08G0NSuC8eBKD1Eeweno2QZg
         8uFA==
X-Gm-Message-State: ALQs6tBQwgF7ANXudi5V5uQRTPih6+dM6DsUheDaMR+5x/lvFezg/QTB
        1J03i3uR81groHd/mLmZYEbe5Q==
X-Received: by 10.99.124.1 with SMTP id x1mr20787938pgc.286.1524601668945;
        Tue, 24 Apr 2018 13:27:48 -0700 (PDT)
Received: from localhost.localdomain ([128.107.241.171])
        by smtp.gmail.com with ESMTPSA id r82sm49943847pfk.187.2018.04.24.13.27.45
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 24 Apr 2018 13:27:48 -0700 (PDT)
From:   Tycho Andersen <tycho@tycho.ws>
To:     David Howells <dhowells@redhat.com>
Cc:     keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
        Tycho Andersen <tycho@tycho.ws>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Eric Biggers <ebiggers3@gmail.com>
Subject: [PATCH v3 3/3] dh key: get rid of stack allocated array for zeroes
Date:   Tue, 24 Apr 2018 14:26:39 -0600
Message-Id: <20180424202639.19830-3-tycho@tycho.ws>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180424202639.19830-1-tycho@tycho.ws>
References: <20180424202639.19830-1-tycho@tycho.ws>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

We're interested in getting rid of all of the stack allocated arrays in
the kernel: https://lkml.org/lkml/2018/3/7/621

This case is interesting, since we really just need an array of bytes that
are zero. The loop already ensures that if the array isn't exactly the
right size that enough zero bytes will be copied in. So, instead of
choosing this value to be the size of the hash, let's just choose it to be
32, since that is a common size, is not too big, and will not result in too
many extra iterations of the loop.

v2: split out from other patch, just hardcode array size instead of
    dynamically allocating something the right size
v3: fix typo of 256 -> 32

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: David Howells <dhowells@redhat.com>
CC: James Morris <jmorris@namei.org>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Eric Biggers <ebiggers3@gmail.com>
---
 security/keys/dh.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/keys/dh.c b/security/keys/dh.c
index 9fecaea6c298..f7403821db7f 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -162,8 +162,8 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
 			goto err;
 
 		if (zlen && h) {
-			u8 tmpbuffer[h];
-			size_t chunk = min_t(size_t, zlen, h);
+			u8 tmpbuffer[32];
+			size_t chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
 			memset(tmpbuffer, 0, chunk);
 
 			do {
@@ -173,7 +173,7 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
 					goto err;
 
 				zlen -= chunk;
-				chunk = min_t(size_t, zlen, h);
+				chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
 			} while (zlen);
 		}
 
-- 
2.17.0