From patchwork Thu Sep 6 22:58:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10591285 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 89E0A921 for ; Thu, 6 Sep 2018 23:00:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7729F2B163 for ; Thu, 6 Sep 2018 23:00:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6ABA72B1BC; Thu, 6 Sep 2018 23:00:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E618A2B163 for ; Thu, 6 Sep 2018 23:00:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=BcnIxsdPtGc9t5GKrGnnUTIRwNUS5/Q9sMfobO1qoBo=; b=ffZI43RGi6mUkgOKtrr9M9pVpx Tp5d88n+eW0Ks9CyYINqokAMqTl9tQMb/v9tpzRihv8c0pfSWMntfuaOOvp0ib+SCN+ACBRSu+lV6 3dZrtBIyXIjxRfLqWCrBc5zf+Fun0o9SIsVBJBg0eofq/x4dWLl/Xqqgby8Z0YTeDzwg2r9fDoYfv QGw4R99b74N5qWkzuymU8Ppb3D3dsfGCzAr9FwbqXzqcLBOXsmx63vHXCRy4pBXJT3hLO4MWqpnnx 3M/yFvKBSKcOSFrqmq1hZz4KMwlXzWLdiaCeu76vki6mVtK5eg5C8o+qXqwrZV+E4Nm3a3zogAkvQ k3v+Dr3A==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3Fo-0005lk-HQ; Thu, 06 Sep 2018 23:00:00 +0000 Received: from mail-pg1-x542.google.com ([2607:f8b0:4864:20::542]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3F4-0005UR-Dt for linux-arm-kernel@lists.infradead.org; Thu, 06 Sep 2018 22:59:25 +0000 Received: by mail-pg1-x542.google.com with SMTP id 7-v6so5976371pgf.2 for ; Thu, 06 Sep 2018 15:59:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J0G2Sx5hOKWq7psD4bTWlVfsrIiRfpFq057sVXNCifs=; b=GjDA8xNVXsZrNpIfV9oXjhaeLfPK6jjhTs0b8gPIiuk8PT2k2SniQfrMgTvBQn8xAK UTD+ujqsvkff6p+rWV9KgoXU4lhSz4i4fa9CjMWssKMVraSHJoAx92pjwIQAtwTEOhzi jAIwr3lFdn08CWSiEUfoJrhyRsUWdhT3El2mU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J0G2Sx5hOKWq7psD4bTWlVfsrIiRfpFq057sVXNCifs=; b=SuKu8tOFd690xcVMBm3Xnzbj6FOjpe1X4Gk84+So+ni6DBNFSToLCJ+4TTzeYCS7ev heV1CzzwCiCHAtwvQN9MXNdJHkx+E+kxn+738uyLjVe6KAW/UcmG1fe/CJcN4toKzUUJ xzdP7YrFGKPOWyhqfPFdxCmjihGq6DuRjTGHaQYd/x83wV8NGEmlsvYMQPvlV5lpwt5c qpeKJTRlfFUyELPc8jJ9RU9jUITSRfUHm2SQjW/3oOqTJ5Z98jVunthRSO9mjgAeIG+r WeSVlJAUIxZFS7AUGgvxqFdaNwhbDjykDBmjgHQv2Y8FBrexk5Rah3FPnQl9Nj0MAV9I 1y6A== X-Gm-Message-State: APzg51BPooqpijFOanMaO3+R04a1XdHTCMC402pxjDLXhQMJzjZ8lqRu GcC4iACpS4vc+zcXbYIIljO8bw== X-Google-Smtp-Source: ANB0VdYbCvFB1nkMmwQhASRHb+MkF34upfkOQqjT6t0RWpXujZd0U1xvwwCMI6ypbfArp60hVrpjFg== X-Received: by 2002:a63:2605:: with SMTP id m5-v6mr5004148pgm.225.1536274744595; Thu, 06 Sep 2018 15:59:04 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w12-v6sm8657686pfd.110.2018.09.06.15.59.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Sep 2018 15:59:01 -0700 (PDT) From: Kees Cook To: Herbert Xu Subject: [PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check Date: Thu, 6 Sep 2018 15:58:51 -0700 Message-Id: <20180906225854.40989-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180906225854.40989-1-keescook@chromium.org> References: <20180906225854.40989-1-keescook@chromium.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180906_155914_503674_105C108F X-CRM114-Status: GOOD ( 15.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Ripard , Arnaud Ebalard , Kees Cook , Christian Lamparter , Ard Biesheuvel , Antoine Tenart , Boris Brezillon , Eric Biggers , linux-kernel@vger.kernel.org, Gilad Ben-Yossef , Chen-Yu Tsai , Corentin Labbe , linux-crypto@vger.kernel.org, Jonathan Cameron , Philippe Ombredanne , linux-arm-kernel@lists.infradead.org, Alexander Stein MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP In preparation to adding additional sanity checks before running an skcipher request, this consolidates the open-coded checks into a single function. Instead of passing both req and tfm into the new check this just returns the tfm on success and an ERR_PTR on failure, keeping things as clean as possible. Signed-off-by: Kees Cook --- include/crypto/skcipher.h | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 2f327f090c3e..6e954d398e0f 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -422,6 +422,27 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm( return __crypto_skcipher_cast(req->base.tfm); } +/** + * crypto_skcipher_reqtfm_check() - obtain and check cipher handle from request + * @req: skcipher_request out of which the cipher handle is to be obtained + * + * Return the crypto_skcipher handle when furnishing an skcipher_request + * data structure. Check for error conditions that would make it unusable + * for an encrypt/decrypt call. + * + * Return: crypto_skcipher handle, or ERR_PTR on error. + */ +static inline struct crypto_skcipher *crypto_skcipher_reqtfm_check( + struct skcipher_request *req) +{ + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + + if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) + return ERR_PTR(-ENOKEY); + + return tfm; +} + /** * crypto_skcipher_encrypt() - encrypt plaintext * @req: reference to the skcipher_request handle that holds all information @@ -435,10 +456,10 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm( */ static inline int crypto_skcipher_encrypt(struct skcipher_request *req) { - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm_check(req); - if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) - return -ENOKEY; + if (IS_ERR(tfm)) + return PTR_ERR(tfm); return tfm->encrypt(req); } @@ -456,10 +477,10 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req) */ static inline int crypto_skcipher_decrypt(struct skcipher_request *req) { - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm_check(req); - if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) - return -ENOKEY; + if (IS_ERR(tfm)) + return PTR_ERR(tfm); return tfm->decrypt(req); } From patchwork Thu Sep 6 22:58:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10591287 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 79AA214BD for ; Thu, 6 Sep 2018 23:00:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 659442B163 for ; Thu, 6 Sep 2018 23:00:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5645E2B1BC; Thu, 6 Sep 2018 23:00:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CF93A2B163 for ; Thu, 6 Sep 2018 23:00:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=RTajOFiETZmBaMuz6xSdERIcFFvrqlVKcSaBMxcNo60=; b=BfW5KrHzjBdthn8sQIe9r+OjiN yn3APERrAoGkKILA8c43tcBqGJ3rXuJ/RS6iOlcbh+9uC23/5+Qwvwp/WQJxlIT6Th7tNbWn/S841 cX7+mJdN5Rp0y9CYM3u1iEK/MrqceNdwoc+k1CW13R0qowsX+pnL2EgWAfhcUkYbmchF/feLSweOC wEp4bljIwS4kjiGJnL/kOinSLithijpduOc5YZwk75phTCr50wORdDALlGHAhbBcC0nOTJ4TNNh+9 Bt74NIG9gz0pn+9ma3n1FkWpaN3fsXmeF/+leyDKdZWETdZ/AkPQmDsURph1iHijgU8eMYp88NH3e b9VLYn/w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3Ga-0007I7-Kg; Thu, 06 Sep 2018 23:00:48 +0000 Received: from mail-pg1-x542.google.com ([2607:f8b0:4864:20::542]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3F4-0005UV-EF for linux-arm-kernel@lists.infradead.org; Thu, 06 Sep 2018 22:59:25 +0000 Received: by mail-pg1-x542.google.com with SMTP id i190-v6so5965114pgc.6 for ; Thu, 06 Sep 2018 15:59:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Wn1xc2a52/YzUXoT89DRQC4Gh3I1xq3VItrgerNYRaI=; b=ad1SXRMi+5hbLSEcUC/UXO8Jj0MKw6UIUyqTWifZb+HYi72gUyQ2sXKP7yEGYQ2GK4 e41qqQQVvgDrvrUoUERmHIbGIxKBuhn4lk84RD1TY7TrAgvr8/x/hVVV7Jg2AcUdY0T9 uNwOw6ZRp3MCYKyOPNj5tmp5dbBVAFao9NxSs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Wn1xc2a52/YzUXoT89DRQC4Gh3I1xq3VItrgerNYRaI=; b=WlmndwsyuRW4YDPIOCuHRuuNHz3pDGO7lrVQ8ioIoBeEVPcqz2IT9Bd/IOvNkBvVqN uNfD0Ezk/eeBXr1AziyI0SMyjJZoBG7Mgf/9yuDI4V6dPFx7TUiwtXLaAo7A1oEWkSYd E8iNAbr7YzF61CddzYQLCr1RfXJnLVu7BJdetAzT4erKmnau+Ufjm3LsgqHFoSixPlIN +Kbmdw9HGMnwl9hDp87s5vzHJ3L03prSb7O/22vFExd3+T1KMFo7bDw7s25YIN42bCjf BsW9Zm+ahq8I7+qKOCIdfbf1K1MzWMNOVky3kBVNhqLb+UV+/jYipl0yxH4ewIDC7mdS XJBg== X-Gm-Message-State: APzg51AXSY0grNO0z50GoKqlBr136k3WTp4vStIYWCGpXMn7RhEJRWVu SA+x8/gswBQMLz+iJdiOl/ZN8Q== X-Google-Smtp-Source: ANB0VdZmpC0GjqPnXs1TkQsf/g68wgkpClc0K71bWag0b15DWWZhxZhibMXOAOY9t0F+ZLs+SK9d3g== X-Received: by 2002:a63:ef10:: with SMTP id u16-v6mr5166270pgh.269.1536274745780; Thu, 06 Sep 2018 15:59:05 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l10-v6sm8963572pfj.179.2018.09.06.15.59.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Sep 2018 15:59:01 -0700 (PDT) From: Kees Cook To: Herbert Xu Subject: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests Date: Thu, 6 Sep 2018 15:58:52 -0700 Message-Id: <20180906225854.40989-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180906225854.40989-1-keescook@chromium.org> References: <20180906225854.40989-1-keescook@chromium.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180906_155914_484738_E86FC8DB X-CRM114-Status: GOOD ( 15.39 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Ripard , Arnaud Ebalard , Kees Cook , Christian Lamparter , Ard Biesheuvel , Antoine Tenart , Boris Brezillon , Eric Biggers , linux-kernel@vger.kernel.org, Gilad Ben-Yossef , Chen-Yu Tsai , Corentin Labbe , linux-crypto@vger.kernel.org, Jonathan Cameron , Philippe Ombredanne , linux-arm-kernel@lists.infradead.org, Alexander Stein MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Check at use-time whether an skcipher request is on the stack. If it is, enforce that it must be backed by a synchronous algorithm, as is required: https://www.redhat.com/archives/dm-devel/2018-January/msg00087.html Co-developed-by: Ard Biesheuvel Signed-off-by: Kees Cook --- include/crypto/skcipher.h | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 6e954d398e0f..3aabd5d098ed 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -19,6 +19,7 @@ /** * struct skcipher_request - Symmetric key cipher request + * @__onstack: 1 if the request was allocated by SKCIPHER_REQUEST_ON_STACK * @cryptlen: Number of bytes to encrypt or decrypt * @iv: Initialisation Vector * @src: Source SG list @@ -27,6 +28,7 @@ * @__ctx: Start of private context data */ struct skcipher_request { + unsigned char __onstack; unsigned int cryptlen; u8 *iv; @@ -139,9 +141,12 @@ struct skcipher_alg { struct crypto_alg base; }; +/* + * This must only ever be used with synchronous algorithms. + */ #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR = { 1 }; \ struct skcipher_request *name = (void *)__##name##_desc /** @@ -437,6 +442,12 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm_check( { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + if (req->__onstack) { + if (WARN_ON(crypto_skcipher_alg(tfm)->base.cra_flags & + CRYPTO_ALG_ASYNC)) + return ERR_PTR(-EINVAL); + } + if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) return ERR_PTR(-ENOKEY); From patchwork Thu Sep 6 22:58:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10591289 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0E4E9921 for ; Thu, 6 Sep 2018 23:01:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F14062B163 for ; Thu, 6 Sep 2018 23:01:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E56122B1BC; Thu, 6 Sep 2018 23:01:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6E4252B163 for ; Thu, 6 Sep 2018 23:01:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=aPEFx1sAcvZ+xi71fUal7fE4bpUyVl6Q/AMp+W6hUB8=; b=V+V1V0NgIewn9gfV2csNP7AXI7 +Cy8kQjZCc1fkWgw/xs0fC1KhYF+a72yQ8HJ7ay5HlKG92Ij5sIC/LcL1zHjwqfYEsCRFPBKX58HT aPHCClaf/6oz+bATOj7ivs1scHAJN9WSN9Z5eKfx6GIDywgbrRxcQsGcTiPjlAM/GnVQ+0oKD0jYe PMjNtNaSXen596C+rHyMiQUPSdjxaDznvuk/Ao+WldhNOFXnWFyLFZDQI2/sTiD8kgH2lwyC/0K9+ rq2DR62ridha3EY9QSxSvQwVY0K6CF6hYPo2aM9gK8Tu53xVyHKwc6udV8LdkVjIWg5fpXMA9ovzi FNwJ/GYw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3HQ-0007dZ-Kr; Thu, 06 Sep 2018 23:01:40 +0000 Received: from mail-pg1-x542.google.com ([2607:f8b0:4864:20::542]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3F4-0005UI-Ds for linux-arm-kernel@lists.infradead.org; Thu, 06 Sep 2018 22:59:27 +0000 Received: by mail-pg1-x542.google.com with SMTP id l63-v6so5958328pga.7 for ; Thu, 06 Sep 2018 15:59:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3iq55GoU+tLApB726SD4i2dQYVt9A2ASC3TLsp01ZLo=; b=A3UJKfaDq/KIZ/jSL4CCz6gf6ItNwoNjslBKueg5aPG8kQGOubBHg7K7Il2pd/+Fo9 m9SRDwWCZ+BNIMCbF6OCTkmwG7F2DPAHdEEOIrDOW+HHIZKef8WL5PAXkdZPAGRszfOL tD8KjyfeBs2oEjZcNVZLl2jtOXXzlWyWNbjgs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3iq55GoU+tLApB726SD4i2dQYVt9A2ASC3TLsp01ZLo=; b=CNGDH/hmhbWMXPQJVDSjTr4UGkcXRy/U11ulLbFLiUMtwlFLTHjw6c4ifhRIVkDrHU 9Rnif5YVFB53Mk23VR8kNhPLPqV+25rTIrJFNOKv0QIQni/TJ1HV3RSrI9L4kiD/D/ij 7UG0v3mbUxiF6zHkbhel1LMBlM1DWs9yXZ3bn6rYgUiXLwxxM/I8OsH80WM1oRYUBOcm 7/RGDoA58KVzg3Pjq42i2NQ6D0PkNVgGb1ibIfvKIXXcXTq9sMVhRuZpOSQDQ55Tu17e B0wGO+QUtEZnKAPApzUYjk1Rrf9L/Ks8Ed1jCxZBVQWzqxTXh554o77AluE7EkwJ5U7M X3zQ== X-Gm-Message-State: APzg51A8Jd7k7h0k45EWl5y5b1SBYJCtsoaxcL1QdCSZbKZEzFtJ3rsE 6eo0oZzReUMmkfxQvYGli3z+gQ== X-Google-Smtp-Source: ANB0Vdb093qGdJ0xfu9GJ0+hy2cT35kwDytA4iv8Ph7ohgX2b1qNn+dNjq02qUNHOEwns4ge1kcbfg== X-Received: by 2002:a62:1bc2:: with SMTP id b185-v6mr5445400pfb.170.1536274743739; Thu, 06 Sep 2018 15:59:03 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id c1-v6sm6535693pgp.34.2018.09.06.15.59.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Sep 2018 15:59:01 -0700 (PDT) From: Kees Cook To: Herbert Xu Subject: [PATCH v2 3/4] crypto: skcipher - Remove VLA usage for SKCIPHER_REQUEST_ON_STACK Date: Thu, 6 Sep 2018 15:58:53 -0700 Message-Id: <20180906225854.40989-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180906225854.40989-1-keescook@chromium.org> References: <20180906225854.40989-1-keescook@chromium.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180906_155914_507662_D07EAC01 X-CRM114-Status: GOOD ( 15.53 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Ripard , Arnaud Ebalard , Kees Cook , Christian Lamparter , Ard Biesheuvel , Antoine Tenart , Boris Brezillon , Eric Biggers , linux-kernel@vger.kernel.org, Gilad Ben-Yossef , Chen-Yu Tsai , Corentin Labbe , linux-crypto@vger.kernel.org, Jonathan Cameron , Philippe Ombredanne , linux-arm-kernel@lists.infradead.org, Alexander Stein MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this caps the non-ASYNC skcipher request size similar to other limits and adds a sanity check at usage. After a review of all non-ASYNC algorithm callers of crypto_skcipher_set_reqsize(), the largest appears to be 384: 4 struct sun4i_cipher_req_ctx 96 struct crypto_rfc3686_req_ctx 375 cts: 160 crypto_skcipher_blocksize(cipher) (max) 152 struct crypto_cts_reqctx 63 align_mask (max) 384 struct rctx (lrw, xts) [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- include/crypto/skcipher.h | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 3aabd5d098ed..cca216999bf1 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -144,9 +144,10 @@ struct skcipher_alg { /* * This must only ever be used with synchronous algorithms. */ +#define MAX_SYNC_SKCIPHER_REQSIZE 384 #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR = { 1 }; \ + MAX_SYNC_SKCIPHER_REQSIZE] CRYPTO_MINALIGN_ATTR = { 1 }; \ struct skcipher_request *name = (void *)__##name##_desc /** @@ -412,6 +413,17 @@ static inline unsigned int crypto_skcipher_default_keysize( return tfm->keysize; } +/** + * crypto_skcipher_reqsize() - obtain size of the request data structure + * @tfm: cipher handle + * + * Return: number of bytes + */ +static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) +{ + return tfm->reqsize; +} + /** * crypto_skcipher_reqtfm() - obtain cipher handle from request * @req: skcipher_request out of which the cipher handle is to be obtained @@ -446,6 +458,9 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm_check( if (WARN_ON(crypto_skcipher_alg(tfm)->base.cra_flags & CRYPTO_ALG_ASYNC)) return ERR_PTR(-EINVAL); + if (WARN_ON(crypto_skcipher_reqsize(tfm) > + MAX_SYNC_SKCIPHER_REQSIZE)) + return ERR_PTR(-ENOSPC); } if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) @@ -507,17 +522,6 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req) * skcipher handle to the crypto_skcipher_* API calls. */ -/** - * crypto_skcipher_reqsize() - obtain size of the request data structure - * @tfm: cipher handle - * - * Return: number of bytes - */ -static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) -{ - return tfm->reqsize; -} - /** * skcipher_request_set_tfm() - update cipher handle reference in request * @req: request handle to be modified From patchwork Thu Sep 6 22:58:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10591291 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A3DBB139B for ; Thu, 6 Sep 2018 23:02:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 90CB32B163 for ; Thu, 6 Sep 2018 23:02:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 837A22B1BC; Thu, 6 Sep 2018 23:02:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EFE1A2B163 for ; Thu, 6 Sep 2018 23:02:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=pxkg/kvQIv+EGq0V1HvNcnpOdwpjEY0/+MdY2Wn+b2c=; b=LS8Xig6EwPeidp/Q7nQJP/jtxo nnLEKh5k0PDMWmE9v9j2I/dJwRzULhMsEHjnb/T8xEQSJ1PU6zwA3miAI90xmH2rWqWw768ctjMuz 2Kxq0kkCpDEMlJLE/hFZCmk7Z4UVgvJ4TIIWSkPLV2Wv0PmPwTg7QS5ccqYutXDhtGZxp2RuVlSBD cqQpnapvEfsxQs4m/TQaMTY/d+AE3cTgRGwqlXCQx/ql5dk5XLYIwz+FOiw5XlbxzwqCkmstMI5g6 chUqtC1FPrIcZlUxHcLAbnYVlNrZkF+j6zAKn2n92gJ/VldJH5g5FsAsYPEYkBHjX6JFOfH3MSt6f uNjw0/+w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3I7-0007v3-PA; Thu, 06 Sep 2018 23:02:23 +0000 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3F7-0005Ur-On for linux-arm-kernel@lists.infradead.org; Thu, 06 Sep 2018 22:59:31 +0000 Received: by mail-pl1-x642.google.com with SMTP id j8-v6so5643395pll.12 for ; Thu, 06 Sep 2018 15:59:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ASRalIgceGfgHR3P4z5Oe6pkrc8SAXw11+IR3R+90o8=; b=V6Bbzgwc2AX+o0ag2r21zAeIz3jY3zcDh9gwnLZ3PCPNWLsfTFvxia9NEDzTo3a3S9 X9N/Qi+sqWXtkQxx0QKIAbPn0+XVKPUypmEdwHYdBd1DNUowvmSGctCnnJRU2tbnLzEU ibdJlYtWT8spkFmclq07wjqWdiuGLe2M4/jgY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ASRalIgceGfgHR3P4z5Oe6pkrc8SAXw11+IR3R+90o8=; b=VB+xq84h8pWeN7S6amLejNxu8QpOWywMH1lZp2sx9yslLkcT4c8M/NDtPd+3SZqHJ7 FEcAA4s4xZkLAR+DKmUg/6M8fuarN8GtDu3Ty/4gFMkQnIPu2h6q9yCZ0LzHijux5lkK mi2x9w6n346m78Vxd0DsNLnEM4tMMY2RHJMPaDDczaJiK0k0ffagXIp/24nNaqbwo7dr aJrvAv5CM55y1L+irIBC0tbcsEUNlqZmpQ6RXPf8mOrbrFWiSHP01R7I+keyI0VW627h s53NPFUD70jvrTghRhpgC72jrZ1ykcknAwm1F9rUmKhMqciOz2oeTY9ztEvAQS/NHZqX /8jg== X-Gm-Message-State: APzg51BDinphPTJbmtj3C2k2nhu/I6zrHZFA3Y9iim+X9VtqjRA/0vat AbbH5xFCqzAvMTxUK7i9vQUVnw== X-Google-Smtp-Source: ANB0VdZq8UXWKI22/c9SpZ73z+8ZxICqwSsfT9KZ7ehYYhDThhXv+z/Hm8kU0mvivjR4nwkjejoOEw== X-Received: by 2002:a17:902:3a3:: with SMTP id d32-v6mr5036828pld.294.1536274746674; Thu, 06 Sep 2018 15:59:06 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id f75-v6sm13616531pfk.85.2018.09.06.15.59.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Sep 2018 15:59:01 -0700 (PDT) From: Kees Cook To: Herbert Xu Subject: [PATCH 4/4] crypto: skcipher - Remove unused argument to SKCIPHER_REQUEST_ON_STACK() Date: Thu, 6 Sep 2018 15:58:54 -0700 Message-Id: <20180906225854.40989-5-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180906225854.40989-1-keescook@chromium.org> References: <20180906225854.40989-1-keescook@chromium.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180906_155917_829629_A446433D X-CRM114-Status: GOOD ( 15.85 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Ripard , Arnaud Ebalard , Kees Cook , Christian Lamparter , Ard Biesheuvel , Antoine Tenart , Boris Brezillon , Eric Biggers , linux-kernel@vger.kernel.org, Gilad Ben-Yossef , Chen-Yu Tsai , Corentin Labbe , linux-crypto@vger.kernel.org, Jonathan Cameron , Philippe Ombredanne , linux-arm-kernel@lists.infradead.org, Alexander Stein MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Since the size is now fixed, there is no need to include the tfm argument. This removes it from the definition and callers. Suggested-by: Alexander Stein Signed-off-by: Kees Cook --- arch/s390/crypto/aes_s390.c | 8 ++++---- arch/x86/crypto/fpu.c | 4 ++-- crypto/algif_aead.c | 2 +- crypto/authenc.c | 2 +- crypto/authencesn.c | 2 +- crypto/cryptd.c | 4 ++-- crypto/echainiv.c | 2 +- crypto/gcm.c | 2 +- crypto/seqiv.c | 2 +- drivers/block/cryptoloop.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 2 +- drivers/crypto/ccp/ccp-crypto-aes-xts.c | 2 +- drivers/crypto/chelsio/chcr_algo.c | 2 +- drivers/crypto/mxs-dcp.c | 2 +- drivers/crypto/omap-aes.c | 2 +- drivers/crypto/picoxcell_crypto.c | 2 +- drivers/crypto/qce/ablkcipher.c | 2 +- drivers/crypto/sahara.c | 8 ++++---- drivers/crypto/vmx/aes_cbc.c | 4 ++-- drivers/crypto/vmx/aes_ctr.c | 2 +- drivers/crypto/vmx/aes_xts.c | 2 +- drivers/net/ppp/ppp_mppe.c | 6 +++--- drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 4 ++-- drivers/staging/rtl8192e/rtllib_crypt_wep.c | 4 ++-- .../rtl8192u/ieee80211/ieee80211_crypt_tkip.c | 4 ++-- .../rtl8192u/ieee80211/ieee80211_crypt_wep.c | 4 ++-- drivers/usb/wusbcore/crypto.c | 2 +- include/crypto/skcipher.h | 2 +- net/ceph/crypto.c | 2 +- net/mac802154/llsec.c | 4 ++-- net/rxrpc/rxkad.c | 10 +++++----- net/sunrpc/auth_gss/gss_krb5_crypto.c | 14 +++++++------- net/wireless/lib80211_crypt_tkip.c | 4 ++-- net/wireless/lib80211_crypt_wep.c | 4 ++-- 34 files changed, 62 insertions(+), 62 deletions(-) diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index c54cb26eb7f5..212c076d36a7 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c @@ -204,7 +204,7 @@ static int fallback_blk_dec(struct blkcipher_desc *desc, unsigned int ret; struct crypto_blkcipher *tfm = desc->tfm; struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, sctx->fallback.blk); skcipher_request_set_callback(req, desc->flags, NULL, NULL); @@ -223,7 +223,7 @@ static int fallback_blk_enc(struct blkcipher_desc *desc, unsigned int ret; struct crypto_blkcipher *tfm = desc->tfm; struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, sctx->fallback.blk); skcipher_request_set_callback(req, desc->flags, NULL, NULL); @@ -472,7 +472,7 @@ static int xts_fallback_decrypt(struct blkcipher_desc *desc, { struct crypto_blkcipher *tfm = desc->tfm; struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); unsigned int ret; skcipher_request_set_tfm(req, xts_ctx->fallback); @@ -491,7 +491,7 @@ static int xts_fallback_encrypt(struct blkcipher_desc *desc, { struct crypto_blkcipher *tfm = desc->tfm; struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); unsigned int ret; skcipher_request_set_tfm(req, xts_ctx->fallback); diff --git a/arch/x86/crypto/fpu.c b/arch/x86/crypto/fpu.c index 406680476c52..746cea05c07e 100644 --- a/arch/x86/crypto/fpu.c +++ b/arch/x86/crypto/fpu.c @@ -44,7 +44,7 @@ static int crypto_fpu_encrypt(struct skcipher_request *req) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_fpu_ctx *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *child = ctx->child; - SKCIPHER_REQUEST_ON_STACK(subreq, child); + SKCIPHER_REQUEST_ON_STACK(subreq); int err; skcipher_request_set_tfm(subreq, child); @@ -65,7 +65,7 @@ static int crypto_fpu_decrypt(struct skcipher_request *req) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_fpu_ctx *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *child = ctx->child; - SKCIPHER_REQUEST_ON_STACK(subreq, child); + SKCIPHER_REQUEST_ON_STACK(subreq); int err; skcipher_request_set_tfm(subreq, child); diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index c40a8c7ee8ae..2f7d95d63fa9 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -79,7 +79,7 @@ static int crypto_aead_copy_sgl(struct crypto_skcipher *null_tfm, struct scatterlist *src, struct scatterlist *dst, unsigned int len) { - SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm); + SKCIPHER_REQUEST_ON_STACK(skreq); skcipher_request_set_tfm(skreq, null_tfm); skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG, diff --git a/crypto/authenc.c b/crypto/authenc.c index 4fa8d40d947b..17116e8c60b7 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -185,7 +185,7 @@ static int crypto_authenc_copy_assoc(struct aead_request *req) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); - SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null); + SKCIPHER_REQUEST_ON_STACK(skreq); skcipher_request_set_tfm(skreq, ctx->null); skcipher_request_set_callback(skreq, aead_request_flags(req), diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 50b804747e20..70ee4e55ae21 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -183,7 +183,7 @@ static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len) { struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req); struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); - SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null); + SKCIPHER_REQUEST_ON_STACK(skreq); skcipher_request_set_tfm(skreq, ctx->null); skcipher_request_set_callback(skreq, aead_request_flags(req), diff --git a/crypto/cryptd.c b/crypto/cryptd.c index addca7bae33f..4c51fff4263e 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -484,7 +484,7 @@ static void cryptd_skcipher_encrypt(struct crypto_async_request *base, struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *child = ctx->child; - SKCIPHER_REQUEST_ON_STACK(subreq, child); + SKCIPHER_REQUEST_ON_STACK(subreq); if (unlikely(err == -EINPROGRESS)) goto out; @@ -512,7 +512,7 @@ static void cryptd_skcipher_decrypt(struct crypto_async_request *base, struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *child = ctx->child; - SKCIPHER_REQUEST_ON_STACK(subreq, child); + SKCIPHER_REQUEST_ON_STACK(subreq); if (unlikely(err == -EINPROGRESS)) goto out; diff --git a/crypto/echainiv.c b/crypto/echainiv.c index 45819e6015bf..0289873f3b08 100644 --- a/crypto/echainiv.c +++ b/crypto/echainiv.c @@ -47,7 +47,7 @@ static int echainiv_encrypt(struct aead_request *req) info = req->iv; if (req->src != req->dst) { - SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull); + SKCIPHER_REQUEST_ON_STACK(nreq); skcipher_request_set_tfm(nreq, ctx->sknull); skcipher_request_set_callback(nreq, req->base.flags, diff --git a/crypto/gcm.c b/crypto/gcm.c index 0ad879e1f9b2..4aae4e30d74b 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -1067,7 +1067,7 @@ static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc) unsigned int authsize = crypto_aead_authsize(aead); unsigned int nbytes = req->assoclen + req->cryptlen - (enc ? 0 : authsize); - SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null); + SKCIPHER_REQUEST_ON_STACK(nreq); skcipher_request_set_tfm(nreq, ctx->null); skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL); diff --git a/crypto/seqiv.c b/crypto/seqiv.c index 39dbf2f7e5f5..920161e65dd9 100644 --- a/crypto/seqiv.c +++ b/crypto/seqiv.c @@ -73,7 +73,7 @@ static int seqiv_aead_encrypt(struct aead_request *req) info = req->iv; if (req->src != req->dst) { - SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull); + SKCIPHER_REQUEST_ON_STACK(nreq); skcipher_request_set_tfm(nreq, ctx->sknull); skcipher_request_set_callback(nreq, req->base.flags, diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c index 7033a4beda66..1c58b5a1d875 100644 --- a/drivers/block/cryptoloop.c +++ b/drivers/block/cryptoloop.c @@ -110,7 +110,7 @@ cryptoloop_transfer(struct loop_device *lo, int cmd, int size, sector_t IV) { struct crypto_skcipher *tfm = lo->key_data; - SKCIPHER_REQUEST_ON_STACK(req, tfm); + SKCIPHER_REQUEST_ON_STACK(req); struct scatterlist sg_out; struct scatterlist sg_in; diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 7f07a5085e9b..ac422c455e12 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1205,7 +1205,7 @@ artpec6_crypto_ctr_crypt(struct skcipher_request *req, bool encrypt) return ret; { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, diff --git a/drivers/crypto/ccp/ccp-crypto-aes-xts.c b/drivers/crypto/ccp/ccp-crypto-aes-xts.c index 94b5bcf5b628..b5bc6ad74768 100644 --- a/drivers/crypto/ccp/ccp-crypto-aes-xts.c +++ b/drivers/crypto/ccp/ccp-crypto-aes-xts.c @@ -151,7 +151,7 @@ static int ccp_aes_xts_crypt(struct ablkcipher_request *req, (ctx->u.aes.key_len != AES_KEYSIZE_256)) fallback = 1; if (fallback) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->u.aes.tfm_skcipher); + SKCIPHER_REQUEST_ON_STACK(subreq); /* Use the fallback to process the request for any * unsupported unit sizes or key sizes diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..eb1101e6a7bd 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -681,7 +681,7 @@ static int chcr_cipher_fallback(struct crypto_skcipher *cipher, { int err; - SKCIPHER_REQUEST_ON_STACK(subreq, cipher); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, cipher); skcipher_request_set_callback(subreq, flags, NULL, NULL); diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index a10c418d4e5c..c81b11d34903 100644 --- a/drivers/crypto/mxs-dcp.c +++ b/drivers/crypto/mxs-dcp.c @@ -376,7 +376,7 @@ static int mxs_dcp_block_fallback(struct ablkcipher_request *req, int enc) { struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); struct dcp_async_ctx *ctx = crypto_ablkcipher_ctx(tfm); - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); int ret; skcipher_request_set_tfm(subreq, ctx->fallback); diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 9019f6b67986..67626c523160 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c @@ -522,7 +522,7 @@ static int omap_aes_crypt(struct ablkcipher_request *req, unsigned long mode) !!(mode & FLAGS_CBC)); if (req->nbytes < aes_fallback_sz) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, NULL, diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c index 321d5e2ac833..1ba6a3ab9421 100644 --- a/drivers/crypto/picoxcell_crypto.c +++ b/drivers/crypto/picoxcell_crypto.c @@ -914,7 +914,7 @@ static int spacc_ablk_do_fallback(struct ablkcipher_request *req, struct crypto_tfm *old_tfm = crypto_ablkcipher_tfm(crypto_ablkcipher_reqtfm(req)); struct spacc_ablk_ctx *ctx = crypto_tfm_ctx(old_tfm); - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->sw_cipher); + SKCIPHER_REQUEST_ON_STACK(subreq); int err; /* diff --git a/drivers/crypto/qce/ablkcipher.c b/drivers/crypto/qce/ablkcipher.c index ea4d96bf47e8..cde3dad00ddf 100644 --- a/drivers/crypto/qce/ablkcipher.c +++ b/drivers/crypto/qce/ablkcipher.c @@ -212,7 +212,7 @@ static int qce_ablkcipher_crypt(struct ablkcipher_request *req, int encrypt) if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 && ctx->enc_keylen != AES_KEYSIZE_256) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c index e7540a5b8197..f9a29d8bbf1a 100644 --- a/drivers/crypto/sahara.c +++ b/drivers/crypto/sahara.c @@ -666,7 +666,7 @@ static int sahara_aes_ecb_encrypt(struct ablkcipher_request *req) int err; if (unlikely(ctx->keylen != AES_KEYSIZE_128)) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, @@ -688,7 +688,7 @@ static int sahara_aes_ecb_decrypt(struct ablkcipher_request *req) int err; if (unlikely(ctx->keylen != AES_KEYSIZE_128)) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, @@ -710,7 +710,7 @@ static int sahara_aes_cbc_encrypt(struct ablkcipher_request *req) int err; if (unlikely(ctx->keylen != AES_KEYSIZE_128)) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, @@ -732,7 +732,7 @@ static int sahara_aes_cbc_decrypt(struct ablkcipher_request *req) int err; if (unlikely(ctx->keylen != AES_KEYSIZE_128)) { - SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(subreq); skcipher_request_set_tfm(subreq, ctx->fallback); skcipher_request_set_callback(subreq, req->base.flags, diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index b71895871be3..c4a02092e798 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -100,7 +100,7 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); @@ -139,7 +139,7 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); diff --git a/drivers/crypto/vmx/aes_ctr.c b/drivers/crypto/vmx/aes_ctr.c index cd777c75291d..936d21fcd094 100644 --- a/drivers/crypto/vmx/aes_ctr.c +++ b/drivers/crypto/vmx/aes_ctr.c @@ -119,7 +119,7 @@ static int p8_aes_ctr_crypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index e9954a7d4694..1004f7a08d72 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -109,7 +109,7 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index a205750b431b..ec598650b92f 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c @@ -155,7 +155,7 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) { struct scatterlist sg_in[1], sg_out[1]; - SKCIPHER_REQUEST_ON_STACK(req, state->arc4); + SKCIPHER_REQUEST_ON_STACK(req); skcipher_request_set_tfm(req, state->arc4); skcipher_request_set_callback(req, 0, NULL, NULL); @@ -366,7 +366,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, int isize, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SKCIPHER_REQUEST_ON_STACK(req, state->arc4); + SKCIPHER_REQUEST_ON_STACK(req); int proto; int err; struct scatterlist sg_in[1], sg_out[1]; @@ -480,7 +480,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SKCIPHER_REQUEST_ON_STACK(req, state->arc4); + SKCIPHER_REQUEST_ON_STACK(req); unsigned ccount; int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; struct scatterlist sg_in[1], sg_out[1]; diff --git a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c index 9f18be14dda6..b53ea12a43f7 100644 --- a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c +++ b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c @@ -337,7 +337,7 @@ static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) *pos++ = (tkey->tx_iv32 >> 24) & 0xff; if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); icv = skb_put(skb, 4); crc = ~crc32_le(~0, pos, len); @@ -420,7 +420,7 @@ static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) pos += 8; if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) { - SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); if ((iv32 < tkey->rx_iv32 || (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) && diff --git a/drivers/staging/rtl8192e/rtllib_crypt_wep.c b/drivers/staging/rtl8192e/rtllib_crypt_wep.c index b3343a5d0fd6..4d53ad9d44bf 100644 --- a/drivers/staging/rtl8192e/rtllib_crypt_wep.c +++ b/drivers/staging/rtl8192e/rtllib_crypt_wep.c @@ -135,7 +135,7 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) memcpy(key + 3, wep->key, wep->key_len); if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); /* Append little-endian CRC32 and encrypt it to produce ICV */ crc = ~crc32_le(~0, pos, len); @@ -199,7 +199,7 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) plen = skb->len - hdr_len - 8; if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); sg_init_one(&sg, pos, plen+4); crypto_skcipher_setkey(wep->rx_tfm, key, klen); diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c index 1088fa0aee0e..0f67b0da45b7 100644 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c @@ -340,7 +340,7 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) *pos++ = (tkey->tx_iv32 >> 24) & 0xff; if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); icv = skb_put(skb, 4); crc = ~crc32_le(~0, pos, len); @@ -418,7 +418,7 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) pos += 8; if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); if (iv32 < tkey->rx_iv32 || (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) { diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c index b9f86be9e52b..4dffbd55db7c 100644 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c @@ -128,7 +128,7 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) memcpy(key + 3, wep->key, wep->key_len); if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); /* Append little-endian CRC32 and encrypt it to produce ICV */ crc = ~crc32_le(~0, pos, len); @@ -193,7 +193,7 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) plen = skb->len - hdr_len - 8; if (!tcb_desc->bHwSec) { - SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); crypto_skcipher_setkey(wep->rx_tfm, key, klen); sg_init_one(&sg, pos, plen+4); diff --git a/drivers/usb/wusbcore/crypto.c b/drivers/usb/wusbcore/crypto.c index aff50eb09ca9..4f151cf5992e 100644 --- a/drivers/usb/wusbcore/crypto.c +++ b/drivers/usb/wusbcore/crypto.c @@ -198,7 +198,7 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, size_t blen) { int result = 0; - SKCIPHER_REQUEST_ON_STACK(req, tfm_cbc); + SKCIPHER_REQUEST_ON_STACK(req); struct scatterlist sg[4], sg_dst; void *dst_buf; size_t dst_size; diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index cca216999bf1..09270f12b90b 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -145,7 +145,7 @@ struct skcipher_alg { * This must only ever be used with synchronous algorithms. */ #define MAX_SYNC_SKCIPHER_REQSIZE 384 -#define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ +#define SKCIPHER_REQUEST_ON_STACK(name) \ char __##name##_desc[sizeof(struct skcipher_request) + \ MAX_SYNC_SKCIPHER_REQSIZE] CRYPTO_MINALIGN_ATTR = { 1 }; \ struct skcipher_request *name = (void *)__##name##_desc diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 02172c408ff2..f4ceab8fa0e4 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -216,7 +216,7 @@ static void teardown_sgtable(struct sg_table *sgt) static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt, void *buf, int buf_len, int in_len, int *pout_len) { - SKCIPHER_REQUEST_ON_STACK(req, key->tfm); + SKCIPHER_REQUEST_ON_STACK(req); struct sg_table sgt; struct scatterlist prealloc_sg; char iv[AES_BLOCK_SIZE] __aligned(8); diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 2fb703d70803..b957a04329d0 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c @@ -622,7 +622,7 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, { u8 iv[16]; struct scatterlist src; - SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); + SKCIPHER_REQUEST_ON_STACK(req); int err, datalen; unsigned char *data; @@ -840,7 +840,7 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, unsigned char *data; int datalen; struct scatterlist src; - SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); + SKCIPHER_REQUEST_ON_STACK(req); int err; llsec_geniv(iv, dev_addr, &hdr->sec); diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index cea16838d588..49d7480ea514 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -104,7 +104,7 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn) static int rxkad_prime_packet_security(struct rxrpc_connection *conn) { struct rxrpc_key_token *token; - SKCIPHER_REQUEST_ON_STACK(req, conn->cipher); + SKCIPHER_REQUEST_ON_STACK(req); struct scatterlist sg; struct rxrpc_crypt iv; __be32 *tmpbuf; @@ -250,7 +250,7 @@ static int rxkad_secure_packet(struct rxrpc_call *call, void *sechdr) { struct rxrpc_skb_priv *sp; - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); + SKCIPHER_REQUEST_ON_STACK(req); struct rxrpc_crypt iv; struct scatterlist sg; u32 x, y; @@ -506,7 +506,7 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb, unsigned int offset, unsigned int len, rxrpc_seq_t seq, u16 expected_cksum) { - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); + SKCIPHER_REQUEST_ON_STACK(req); struct rxrpc_crypt iv; struct scatterlist sg; bool aborted; @@ -755,7 +755,7 @@ static void rxkad_encrypt_response(struct rxrpc_connection *conn, struct rxkad_response *resp, const struct rxkad_key *s2) { - SKCIPHER_REQUEST_ON_STACK(req, conn->cipher); + SKCIPHER_REQUEST_ON_STACK(req); struct rxrpc_crypt iv; struct scatterlist sg[1]; @@ -1021,7 +1021,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn, struct rxkad_response *resp, const struct rxrpc_crypt *session_key) { - SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci); + SKCIPHER_REQUEST_ON_STACK(req); struct scatterlist sg[1]; struct rxrpc_crypt iv; diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 0220e1ca5280..cd910960e734 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c @@ -62,7 +62,7 @@ krb5_encrypt( u32 ret = -EINVAL; struct scatterlist sg[1]; u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0}; - SKCIPHER_REQUEST_ON_STACK(req, tfm); + SKCIPHER_REQUEST_ON_STACK(req); if (length % crypto_skcipher_blocksize(tfm) != 0) goto out; @@ -101,7 +101,7 @@ krb5_decrypt( u32 ret = -EINVAL; struct scatterlist sg[1]; u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0}; - SKCIPHER_REQUEST_ON_STACK(req, tfm); + SKCIPHER_REQUEST_ON_STACK(req); if (length % crypto_skcipher_blocksize(tfm) != 0) goto out; @@ -531,7 +531,7 @@ gss_encrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *buf, { int ret; struct encryptor_desc desc; - SKCIPHER_REQUEST_ON_STACK(req, tfm); + SKCIPHER_REQUEST_ON_STACK(req); BUG_ON((buf->len - offset) % crypto_skcipher_blocksize(tfm) != 0); @@ -613,7 +613,7 @@ gss_decrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *buf, { int ret; struct decryptor_desc desc; - SKCIPHER_REQUEST_ON_STACK(req, tfm); + SKCIPHER_REQUEST_ON_STACK(req); /* XXXJBF: */ BUG_ON((buf->len - offset) % crypto_skcipher_blocksize(tfm) != 0); @@ -677,7 +677,7 @@ gss_krb5_cts_crypt(struct crypto_skcipher *cipher, struct xdr_buf *buf, { u32 ret; struct scatterlist sg[1]; - SKCIPHER_REQUEST_ON_STACK(req, cipher); + SKCIPHER_REQUEST_ON_STACK(req); u8 *data; struct page **save_pages; u32 len = buf->len - offset; @@ -807,7 +807,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, memset(desc.iv, 0, sizeof(desc.iv)); if (cbcbytes) { - SKCIPHER_REQUEST_ON_STACK(req, aux_cipher); + SKCIPHER_REQUEST_ON_STACK(req); desc.pos = offset + GSS_KRB5_TOK_HDR_LEN; desc.fragno = 0; @@ -891,7 +891,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf, memset(desc.iv, 0, sizeof(desc.iv)); if (cbcbytes) { - SKCIPHER_REQUEST_ON_STACK(req, aux_cipher); + SKCIPHER_REQUEST_ON_STACK(req); desc.fragno = 0; desc.fraglen = 0; diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c index e6bce1f130c9..f181ed4e8c22 100644 --- a/net/wireless/lib80211_crypt_tkip.c +++ b/net/wireless/lib80211_crypt_tkip.c @@ -344,7 +344,7 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len, static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) { struct lib80211_tkip_data *tkey = priv; - SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); int len; u8 rc4key[16], *pos, *icv; u32 crc; @@ -400,7 +400,7 @@ static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n, static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) { struct lib80211_tkip_data *tkey = priv; - SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); + SKCIPHER_REQUEST_ON_STACK(req); u8 rc4key[16]; u8 keyidx, *pos; u32 iv32; diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c index d05f58b0fd04..f642f45ae9ff 100644 --- a/net/wireless/lib80211_crypt_wep.c +++ b/net/wireless/lib80211_crypt_wep.c @@ -129,7 +129,7 @@ static int lib80211_wep_build_iv(struct sk_buff *skb, int hdr_len, static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) { struct lib80211_wep_data *wep = priv; - SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); u32 crc, klen, len; u8 *pos, *icv; struct scatterlist sg; @@ -182,7 +182,7 @@ static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) { struct lib80211_wep_data *wep = priv; - SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); + SKCIPHER_REQUEST_ON_STACK(req); u32 crc, klen, plen; u8 key[WEP_KEY_LEN + 3]; u8 keyidx, *pos, icv[4];