Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4d78d339 authored by Kees Cook's avatar Kees Cook Committed by Jordan Crouse
Browse files

crypto: ccp - Remove VLA usage of skcipher 

In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com



Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <gary.hook@amd.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Git-Commit: 7f28615df88a6311e233c2da9279e013ea1ee76b
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Change-Id: Ic0dedbad132f6546feb06add3e36e12def449b7a
Signed-off-by: default avatarJordan Crouse <jcrouse@codeaurora.org>
parent 29c770a6

drivers/crypto/ccp/ccp-crypto-aes-xts.c

+7 −6
Original line number Diff line number Diff line
@@ -102,7 +102,7 @@ static int ccp_aes_xts_setkey(struct crypto_ablkcipher *tfm, const u8 *key, 
	ctx->u.aes.key_len = key_len / 2;

	sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);



	return crypto_skcipher_setkey(ctx->u.aes.tfm_skcipher, key, key_len);

	return crypto_sync_skcipher_setkey(ctx->u.aes.tfm_skcipher, key, key_len);

}



static int ccp_aes_xts_crypt(struct ablkcipher_request *req,
@@ -151,12 +151,13 @@ static int ccp_aes_xts_crypt(struct ablkcipher_request *req, 
	    (ctx->u.aes.key_len != AES_KEYSIZE_256))

		fallback = 1;

	if (fallback) {

		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->u.aes.tfm_skcipher);

		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq,

					       ctx->u.aes.tfm_skcipher);



		/* Use the fallback to process the request for any

		 * unsupported unit sizes or key sizes

		 */

		skcipher_request_set_tfm(subreq, ctx->u.aes.tfm_skcipher);

		skcipher_request_set_sync_tfm(subreq, ctx->u.aes.tfm_skcipher);

		skcipher_request_set_callback(subreq, req->base.flags,

					      NULL, NULL);

		skcipher_request_set_crypt(subreq, req->src, req->dst,
@@ -203,12 +204,12 @@ static int ccp_aes_xts_decrypt(struct ablkcipher_request *req) 
static int ccp_aes_xts_cra_init(struct crypto_tfm *tfm)

{

	struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);

	struct crypto_skcipher *fallback_tfm;

	struct crypto_sync_skcipher *fallback_tfm;



	ctx->complete = ccp_aes_xts_complete;

	ctx->u.aes.key_len = 0;



	fallback_tfm = crypto_alloc_skcipher("xts(aes)", 0,

	fallback_tfm = crypto_alloc_sync_skcipher("xts(aes)", 0,

					     CRYPTO_ALG_ASYNC |

					     CRYPTO_ALG_NEED_FALLBACK);

	if (IS_ERR(fallback_tfm)) {
@@ -226,7 +227,7 @@ static void ccp_aes_xts_cra_exit(struct crypto_tfm *tfm) 
{

	struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);



	crypto_free_skcipher(ctx->u.aes.tfm_skcipher);

	crypto_free_sync_skcipher(ctx->u.aes.tfm_skcipher);

}



static int ccp_register_aes_xts_alg(struct list_head *head,

drivers/crypto/ccp/ccp-crypto.h

+1 −1
Original line number Diff line number Diff line
@@ -88,7 +88,7 @@ static inline struct ccp_crypto_ahash_alg * 
/***** AES related defines *****/

struct ccp_aes_ctx {

	/* Fallback cipher for XTS with unsupported unit sizes */

	struct crypto_skcipher *tfm_skcipher;

	struct crypto_sync_skcipher *tfm_skcipher;



	/* Cipher used to generate CMAC K1/K2 keys */

	struct crypto_cipher *tfm_cipher;