Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp170340imm; Tue, 18 Sep 2018 19:13:01 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZI50bGlGnUkLeyYZzU1Q30TwLEcdPy6Wzpc+ljaf+tNtBQ2lwBso8psfmrpcoPRge6ObCp X-Received: by 2002:a63:2043:: with SMTP id r3-v6mr30066197pgm.105.1537323181398; Tue, 18 Sep 2018 19:13:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537323181; cv=none; d=google.com; s=arc-20160816; b=xqn8KwXyv4fl6LHLzI1XrrQ7V6EkKsL4PwICIK3xgFvDVpFqV6/hXAm0asqCkKgCDO 0AQhR9Fp9+/lsWi8ze8iozenSi/qB1BypzsVEXFT0Ow+DLKJL8Ti3xop38CQI0Mlg4wm THNoImxxyxpzzB93OrppnfnrOdi3grVDzRPzDhZaKSyfairu+jCPBqHDZO7vkCbXsyvj mQifctt4QM3SN8c8oC0c2Sm+faC6pAF8s5JlMGV08VK7lJJKHQ9UsD5Ey0shWZ55g3PO YMlvHdFMgTjXqaZnx/CR077yn5g7xWxjJ7IvIkP+gj2FYR29nxUqbarf3t2NJnRdUcZk bUxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=AEAcoMGIsRFw3HkHQ8e0m7OE5b3TEmxIotDoO7+No/8=; b=iEvFtT+lAm1rgXkP8jgcu5bWqu8b/uIywJ3A/G1uy42IXT76mXzCauJUdauKu7EF7E DNdO4r92x1uJazSjxAqgNInUOPNNTkaTtpsyTQyEZ+8Py9WwnNgq1KXjRuIkecARd00q hk/nr9o+w7Nq2fVugAUyZNAiBkbSnjvv0Tw1NNdz17Lk25v0N1NU7ulQRBDLAbn4YG1Q Ta+Fb4kkH86ZQHsdqi1LyogagvFUQdBXAs3IeaXUJD+KF3g0KEuyYnePrdUk/mqrDpzG X611u1mCjEPnjmza44wGkuKvOL3mr1sZC6SzwIftdeSdOPzfSC6ImFBzvp7/gkRNqOtD E6Cg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=N8M0ZGQT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d20-v6si19917240pgj.535.2018.09.18.19.12.46; Tue, 18 Sep 2018 19:13:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=N8M0ZGQT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730955AbeISHqn (ORCPT + 99 others); Wed, 19 Sep 2018 03:46:43 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:45412 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730905AbeISHql (ORCPT ); Wed, 19 Sep 2018 03:46:41 -0400 Received: by mail-pf1-f196.google.com with SMTP id i26-v6so1897378pfo.12 for ; Tue, 18 Sep 2018 19:11:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=AEAcoMGIsRFw3HkHQ8e0m7OE5b3TEmxIotDoO7+No/8=; b=N8M0ZGQT3rCZpc1OoPovmvArnrFwprTe9JNn6ycx5Cw8pVb3cFHqq4p4E+HyrgQEbh S7pnMd9Kj8/2Hh0+fj0KVndCOL2DVg/B720g+z6jkcqWlXCov3vJ4IWRMP0SDODuls70 b5eNOmvWHisjFQsxvXuzwQTuu4RY9M1MeZNec= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=AEAcoMGIsRFw3HkHQ8e0m7OE5b3TEmxIotDoO7+No/8=; b=QbWv1bE9ZZHKmQULcUkMpZFVmnhnAPj/T5zva0ipoo/UEJPBZRWx8gL5QN97w/MYsZ BkFWZJSOTKyrTideGIyTeoLZf+UT1MvfJSeJeg0bdrmmNWc0CsrnFdLhc8wGMZmMtKRP sPV8ZDtOhwl8im4mAI8jUctFWc+su58KHZQ8QbfPspxSGGdcHiBKEKEMC1leqdrm7KcP o41ExLkrGZLbvsOlClF/Eg/RC7/nqEwhYekwleCLoPV6T/FVSdDhlKb+Ow85QkT29nal ovwst1YFLr0QZFwZdBY7Jtg/qQCEDSEETGKfi+yPFTvlCHhyf7/HYE/VSx3EI6vrgkvH p2Pg== X-Gm-Message-State: APzg51DyGBDu6lf5fuz5W4UB1ZtB4+r7zgfVbslM/MwZitwrS6XQ80k0 qKThYMc4T/jnsHHBph8UHrKFlw== X-Received: by 2002:a62:4bc6:: with SMTP id d67-v6mr33557881pfj.175.1537323073476; Tue, 18 Sep 2018 19:11:13 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id z11-v6sm26301540pff.162.2018.09.18.19.11.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 18 Sep 2018 19:11:10 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Martin Schwidefsky , Heiko Carstens , linux-s390@vger.kernel.org, Ard Biesheuvel , Eric Biggers , linux-crypto , Linux Kernel Mailing List Subject: [PATCH crypto-next 05/23] s390/crypto: Remove VLA usage of skcipher Date: Tue, 18 Sep 2018 19:10:42 -0700 Message-Id: <20180919021100.3380-6-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180919021100.3380-1-keescook@chromium.org> References: <20180919021100.3380-1-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: linux-s390@vger.kernel.org Signed-off-by: Kees Cook --- arch/s390/crypto/aes_s390.c | 48 ++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index c54cb26eb7f5..812d9498d97b 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c @@ -44,7 +44,7 @@ struct s390_aes_ctx { int key_len; unsigned long fc; union { - struct crypto_skcipher *blk; + struct crypto_sync_skcipher *blk; struct crypto_cipher *cip; } fallback; }; @@ -54,7 +54,7 @@ struct s390_xts_ctx { u8 pcc_key[32]; int key_len; unsigned long fc; - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; }; struct gcm_sg_walk { @@ -184,14 +184,15 @@ static int setkey_fallback_blk(struct crypto_tfm *tfm, const u8 *key, struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); unsigned int ret; - crypto_skcipher_clear_flags(sctx->fallback.blk, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(sctx->fallback.blk, tfm->crt_flags & + crypto_sync_skcipher_clear_flags(sctx->fallback.blk, + CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_set_flags(sctx->fallback.blk, tfm->crt_flags & CRYPTO_TFM_REQ_MASK); - ret = crypto_skcipher_setkey(sctx->fallback.blk, key, len); + ret = crypto_sync_skcipher_setkey(sctx->fallback.blk, key, len); tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; - tfm->crt_flags |= crypto_skcipher_get_flags(sctx->fallback.blk) & + tfm->crt_flags |= crypto_sync_skcipher_get_flags(sctx->fallback.blk) & CRYPTO_TFM_RES_MASK; return ret; @@ -204,9 +205,9 @@ static int fallback_blk_dec(struct blkcipher_desc *desc, unsigned int ret; struct crypto_blkcipher *tfm = desc->tfm; struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); - skcipher_request_set_tfm(req, sctx->fallback.blk); + skcipher_request_set_sync_tfm(req, sctx->fallback.blk); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); @@ -223,9 +224,9 @@ static int fallback_blk_enc(struct blkcipher_desc *desc, unsigned int ret; struct crypto_blkcipher *tfm = desc->tfm; struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); - skcipher_request_set_tfm(req, sctx->fallback.blk); + skcipher_request_set_sync_tfm(req, sctx->fallback.blk); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); @@ -306,8 +307,7 @@ static int fallback_init_blk(struct crypto_tfm *tfm) const char *name = tfm->__crt_alg->cra_name; struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); - sctx->fallback.blk = crypto_alloc_skcipher(name, 0, - CRYPTO_ALG_ASYNC | + sctx->fallback.blk = crypto_alloc_sync_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(sctx->fallback.blk)) { @@ -323,7 +323,7 @@ static void fallback_exit_blk(struct crypto_tfm *tfm) { struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); - crypto_free_skcipher(sctx->fallback.blk); + crypto_free_sync_skcipher(sctx->fallback.blk); } static struct crypto_alg ecb_aes_alg = { @@ -453,14 +453,15 @@ static int xts_fallback_setkey(struct crypto_tfm *tfm, const u8 *key, struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); unsigned int ret; - crypto_skcipher_clear_flags(xts_ctx->fallback, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(xts_ctx->fallback, tfm->crt_flags & + crypto_sync_skcipher_clear_flags(xts_ctx->fallback, + CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_set_flags(xts_ctx->fallback, tfm->crt_flags & CRYPTO_TFM_REQ_MASK); - ret = crypto_skcipher_setkey(xts_ctx->fallback, key, len); + ret = crypto_sync_skcipher_setkey(xts_ctx->fallback, key, len); tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; - tfm->crt_flags |= crypto_skcipher_get_flags(xts_ctx->fallback) & + tfm->crt_flags |= crypto_sync_skcipher_get_flags(xts_ctx->fallback) & CRYPTO_TFM_RES_MASK; return ret; @@ -472,10 +473,10 @@ static int xts_fallback_decrypt(struct blkcipher_desc *desc, { struct crypto_blkcipher *tfm = desc->tfm; struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); unsigned int ret; - skcipher_request_set_tfm(req, xts_ctx->fallback); + skcipher_request_set_sync_tfm(req, xts_ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); @@ -491,10 +492,10 @@ static int xts_fallback_encrypt(struct blkcipher_desc *desc, { struct crypto_blkcipher *tfm = desc->tfm; struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); unsigned int ret; - skcipher_request_set_tfm(req, xts_ctx->fallback); + skcipher_request_set_sync_tfm(req, xts_ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); @@ -611,8 +612,7 @@ static int xts_fallback_init(struct crypto_tfm *tfm) const char *name = tfm->__crt_alg->cra_name; struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); - xts_ctx->fallback = crypto_alloc_skcipher(name, 0, - CRYPTO_ALG_ASYNC | + xts_ctx->fallback = crypto_alloc_sync_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(xts_ctx->fallback)) { @@ -627,7 +627,7 @@ static void xts_fallback_exit(struct crypto_tfm *tfm) { struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); - crypto_free_skcipher(xts_ctx->fallback); + crypto_free_sync_skcipher(xts_ctx->fallback); } static struct crypto_alg xts_aes_alg = { -- 2.17.1