Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp174923imm; Tue, 18 Sep 2018 19:19:49 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZ7xjFIylgZZ1xGHw54qQpndAqeCNItgf7Ms+CeM3uUPPwYJ76OTH7RT6A0OBckXrR7KILu X-Received: by 2002:a63:5055:: with SMTP id q21-v6mr30296606pgl.397.1537323588985; Tue, 18 Sep 2018 19:19:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537323588; cv=none; d=google.com; s=arc-20160816; b=hd4lNCR3NpsSz8vC8qvergmllTiBRi9kvN5PcEBUekb7UbNIg7wLcKMJdCinQMWJGt Le7AlLRPzmD+Fq5nCtS+ra0fA8svy//kbnO51ZmV4tSSrli/VuC/evFStyJFf+vQv6kY 9zv/JsjdYcUX0AMLbHFVTOdCJDw1kMlyNI/TvXHUclI93EJ6NCYM8B1K2OOIoLa5O2N2 Pnpm/b1mN5gVtjm7gxJJ4X0Lv6pOPrjPSyZrs8alyfUntgDrDf4sSaQ7rK0et7HvFM1O c4vtkuOajlQjCK9dUqTbE/WSm3TY2blpgpi7vajQG0CrFVI413yjuVRpqqSLB2m5zKqT heFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=nX8MhHJeg4eisDy8vxqN/vLEivEa4yzpbmxml8l/MbY=; b=KcNq4fsCVpRT72JBzp0V7bE3JgULjlHUUBkCGyosdJg1cUUVpnXjyWLYw9vS53pyRW XeSfqCmEeI5Zf6CSbZ1+8JOl4UgE6IOzWxsypKmbXS7S7MVi4FhBgwEKwQp5z0DbvRMs 1gZMq50O6nunEt/iq+i8j47VvduLc/BiZLKMCXpFNPnfqOYkIy5aPoBoTWXWqPkVk93D gWydencfus5jItTcoXnWytKW5QxUo/Fv0B5+6YQ4byB6w1R4bNeKoD3/GAqQR8hE9448 wej7QgqaUrYn3qw9NR8p5VlArASE31jqhtq1OBViqWQ+iOJYjHG4sAgW7OpAy4gIQf6k irTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=FOvEDzQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l12-v6si19682189plc.332.2018.09.18.19.19.31; Tue, 18 Sep 2018 19:19:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=FOvEDzQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730933AbeISHy4 (ORCPT + 99 others); Wed, 19 Sep 2018 03:54:56 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:34565 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730854AbeISHyz (ORCPT ); Wed, 19 Sep 2018 03:54:55 -0400 Received: by mail-pf1-f193.google.com with SMTP id k19-v6so1929841pfi.1 for ; Tue, 18 Sep 2018 19:19:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nX8MhHJeg4eisDy8vxqN/vLEivEa4yzpbmxml8l/MbY=; b=FOvEDzQPfthxL8BZJgzRXyF0feGHmaPYxCQHydY70vlhsYm5YQqZM3fktVJ0sRa3mW KjZuAMBjuweI0ue3Qm8boYUD8jM6hGUVFvc0l3VMlGn9PEzxftaUdkBK9ngSAHzwyp8g meEXoXvEoVLHrGqRHSL6vkzJJpzFGDA0FxIyY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nX8MhHJeg4eisDy8vxqN/vLEivEa4yzpbmxml8l/MbY=; b=Hlah3F1w0hnEXVcSGrMzVMuQRXZgbeG0dSG4jaUibV4/FI/1Ge3mcDTaMvCk8Fchn9 MWFBUiXwy+IGqFtKSDaobdWmfKtkc2EkaBWDzn4/s0oRDTQJWFeJCih7LDXjGK+3NBFF IwwI5X/e91/UIv9EgVMiOTMXm5KnHASs/akN511y43owEPTsm9cEF5r7nHaLndbJwQQ9 Vgwecpvu3rGOO3si7pcJd0IakS4uC3EePDIk+PSEIBYTa2nYBwhOsBcOriV6+z6p8K0w uEKo0rpft3PX892bF6Il5u830QLyjql/oWmxzjdvtjBOkJbGxZwZJm8LRsg0iU6QxCZy 2XJw== X-Gm-Message-State: APzg51Blmy7li8ilK5cssg+IzbWWDlREhXw0IjC3DLMr4XP2EDH0S+ik gbqj0++3ArCTrQgWmpyphq8gzA== X-Received: by 2002:a63:6ecf:: with SMTP id j198-v6mr29732918pgc.3.1537323564374; Tue, 18 Sep 2018 19:19:24 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id z5-v6sm24605991pfh.83.2018.09.18.19.19.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 18 Sep 2018 19:19:23 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Eric Biggers , linux-crypto , Linux Kernel Mailing List Subject: [PATCH crypto-next 20/23] crypto: mxs-dcp - Remove VLA usage of skcipher Date: Tue, 18 Sep 2018 19:10:57 -0700 Message-Id: <20180919021100.3380-21-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180919021100.3380-1-keescook@chromium.org> References: <20180919021100.3380-1-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/crypto/mxs-dcp.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index a10c418d4e5c..430174be6f92 100644 --- a/drivers/crypto/mxs-dcp.c +++ b/drivers/crypto/mxs-dcp.c @@ -84,7 +84,7 @@ struct dcp_async_ctx { unsigned int hot:1; /* Crypto-specific context */ - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; unsigned int key_len; uint8_t key[AES_KEYSIZE_128]; }; @@ -376,10 +376,10 @@ static int mxs_dcp_block_fallback(struct ablkcipher_request *req, int enc) { struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); struct dcp_async_ctx *ctx = crypto_ablkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); int ret; - skcipher_request_set_tfm(subreq, ctx->fallback); + skcipher_request_set_sync_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, NULL, NULL); skcipher_request_set_crypt(subreq, req->src, req->dst, req->nbytes, req->info); @@ -460,16 +460,16 @@ static int mxs_dcp_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key, * but is supported by in-kernel software implementation, we use * software fallback. */ - crypto_skcipher_clear_flags(actx->fallback, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(actx->fallback, + crypto_sync_skcipher_clear_flags(actx->fallback, CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_set_flags(actx->fallback, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK); - ret = crypto_skcipher_setkey(actx->fallback, key, len); + ret = crypto_sync_skcipher_setkey(actx->fallback, key, len); if (!ret) return 0; tfm->base.crt_flags &= ~CRYPTO_TFM_RES_MASK; - tfm->base.crt_flags |= crypto_skcipher_get_flags(actx->fallback) & + tfm->base.crt_flags |= crypto_sync_skcipher_get_flags(actx->fallback) & CRYPTO_TFM_RES_MASK; return ret; @@ -478,11 +478,10 @@ static int mxs_dcp_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key, static int mxs_dcp_aes_fallback_init(struct crypto_tfm *tfm) { const char *name = crypto_tfm_alg_name(tfm); - const uint32_t flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK; struct dcp_async_ctx *actx = crypto_tfm_ctx(tfm); - struct crypto_skcipher *blk; + struct crypto_sync_skcipher *blk; - blk = crypto_alloc_skcipher(name, 0, flags); + blk = crypto_alloc_sync_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(blk)) return PTR_ERR(blk); @@ -495,7 +494,7 @@ static void mxs_dcp_aes_fallback_exit(struct crypto_tfm *tfm) { struct dcp_async_ctx *actx = crypto_tfm_ctx(tfm); - crypto_free_skcipher(actx->fallback); + crypto_free_sync_skcipher(actx->fallback); } /* -- 2.17.1