diff options
| author | Kees Cook <keescook@chromium.org> | 2018-09-18 22:10:41 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-09-28 00:46:07 -0400 |
| commit | 3103f4a71be3ac22abe926f827653f28a04ce83e (patch) | |
| tree | 994156f0dc696fb3b720b0c2eb694aac4b62eb75 | |
| parent | db20f570e17a7ab91f489d1fea942b3b7c00663c (diff) | |
mac802154: Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Cc: Alexander Aring <alex.aring@gmail.com>
Cc: Stefan Schmidt <stefan@datenfreihafen.org>
Cc: linux-wpan@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | net/mac802154/llsec.c | 16 | ||||
| -rw-r--r-- | net/mac802154/llsec.h | 2 |
2 files changed, 9 insertions, 9 deletions
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 2fb703d70803..7e29f88dbf6a 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c | |||
| @@ -146,18 +146,18 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template) | |||
| 146 | goto err_tfm; | 146 | goto err_tfm; |
| 147 | } | 147 | } |
| 148 | 148 | ||
| 149 | key->tfm0 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC); | 149 | key->tfm0 = crypto_alloc_sync_skcipher("ctr(aes)", 0, 0); |
| 150 | if (IS_ERR(key->tfm0)) | 150 | if (IS_ERR(key->tfm0)) |
| 151 | goto err_tfm; | 151 | goto err_tfm; |
| 152 | 152 | ||
| 153 | if (crypto_skcipher_setkey(key->tfm0, template->key, | 153 | if (crypto_sync_skcipher_setkey(key->tfm0, template->key, |
| 154 | IEEE802154_LLSEC_KEY_SIZE)) | 154 | IEEE802154_LLSEC_KEY_SIZE)) |
| 155 | goto err_tfm0; | 155 | goto err_tfm0; |
| 156 | 156 | ||
| 157 | return key; | 157 | return key; |
| 158 | 158 | ||
| 159 | err_tfm0: | 159 | err_tfm0: |
| 160 | crypto_free_skcipher(key->tfm0); | 160 | crypto_free_sync_skcipher(key->tfm0); |
| 161 | err_tfm: | 161 | err_tfm: |
| 162 | for (i = 0; i < ARRAY_SIZE(key->tfm); i++) | 162 | for (i = 0; i < ARRAY_SIZE(key->tfm); i++) |
| 163 | if (key->tfm[i]) | 163 | if (key->tfm[i]) |
| @@ -177,7 +177,7 @@ static void llsec_key_release(struct kref *ref) | |||
| 177 | for (i = 0; i < ARRAY_SIZE(key->tfm); i++) | 177 | for (i = 0; i < ARRAY_SIZE(key->tfm); i++) |
| 178 | crypto_free_aead(key->tfm[i]); | 178 | crypto_free_aead(key->tfm[i]); |
| 179 | 179 | ||
| 180 | crypto_free_skcipher(key->tfm0); | 180 | crypto_free_sync_skcipher(key->tfm0); |
| 181 | kzfree(key); | 181 | kzfree(key); |
| 182 | } | 182 | } |
| 183 | 183 | ||
| @@ -622,7 +622,7 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, | |||
| 622 | { | 622 | { |
| 623 | u8 iv[16]; | 623 | u8 iv[16]; |
| 624 | struct scatterlist src; | 624 | struct scatterlist src; |
| 625 | SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); | 625 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); |
| 626 | int err, datalen; | 626 | int err, datalen; |
| 627 | unsigned char *data; | 627 | unsigned char *data; |
| 628 | 628 | ||
| @@ -632,7 +632,7 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, | |||
| 632 | datalen = skb_tail_pointer(skb) - data; | 632 | datalen = skb_tail_pointer(skb) - data; |
| 633 | sg_init_one(&src, data, datalen); | 633 | sg_init_one(&src, data, datalen); |
| 634 | 634 | ||
| 635 | skcipher_request_set_tfm(req, key->tfm0); | 635 | skcipher_request_set_sync_tfm(req, key->tfm0); |
| 636 | skcipher_request_set_callback(req, 0, NULL, NULL); | 636 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 637 | skcipher_request_set_crypt(req, &src, &src, datalen, iv); | 637 | skcipher_request_set_crypt(req, &src, &src, datalen, iv); |
| 638 | err = crypto_skcipher_encrypt(req); | 638 | err = crypto_skcipher_encrypt(req); |
| @@ -840,7 +840,7 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, | |||
| 840 | unsigned char *data; | 840 | unsigned char *data; |
| 841 | int datalen; | 841 | int datalen; |
| 842 | struct scatterlist src; | 842 | struct scatterlist src; |
| 843 | SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); | 843 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); |
| 844 | int err; | 844 | int err; |
| 845 | 845 | ||
| 846 | llsec_geniv(iv, dev_addr, &hdr->sec); | 846 | llsec_geniv(iv, dev_addr, &hdr->sec); |
| @@ -849,7 +849,7 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, | |||
| 849 | 849 | ||
| 850 | sg_init_one(&src, data, datalen); | 850 | sg_init_one(&src, data, datalen); |
| 851 | 851 | ||
| 852 | skcipher_request_set_tfm(req, key->tfm0); | 852 | skcipher_request_set_sync_tfm(req, key->tfm0); |
| 853 | skcipher_request_set_callback(req, 0, NULL, NULL); | 853 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 854 | skcipher_request_set_crypt(req, &src, &src, datalen, iv); | 854 | skcipher_request_set_crypt(req, &src, &src, datalen, iv); |
| 855 | 855 | ||
diff --git a/net/mac802154/llsec.h b/net/mac802154/llsec.h index 6f3b658e3279..8be46d74dc39 100644 --- a/net/mac802154/llsec.h +++ b/net/mac802154/llsec.h | |||
| @@ -29,7 +29,7 @@ struct mac802154_llsec_key { | |||
| 29 | 29 | ||
| 30 | /* one tfm for each authsize (4/8/16) */ | 30 | /* one tfm for each authsize (4/8/16) */ |
| 31 | struct crypto_aead *tfm[3]; | 31 | struct crypto_aead *tfm[3]; |
| 32 | struct crypto_skcipher *tfm0; | 32 | struct crypto_sync_skcipher *tfm0; |
| 33 | 33 | ||
| 34 | struct kref ref; | 34 | struct kref ref; |
| 35 | }; | 35 | }; |