lib80211: Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Johannes Berg <johannes@sipsolutions.net> Cc: linux-wireless@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Kees Cook
@@ -64,9 +64,9 @@ struct lib80211_tkip_data {
|
||||
|
||||
int key_idx;
|
||||
|
||||
struct crypto_skcipher *rx_tfm_arc4;
|
||||
struct crypto_sync_skcipher *rx_tfm_arc4;
|
||||
struct crypto_shash *rx_tfm_michael;
|
||||
struct crypto_skcipher *tx_tfm_arc4;
|
||||
struct crypto_sync_skcipher *tx_tfm_arc4;
|
||||
struct crypto_shash *tx_tfm_michael;
|
||||
|
||||
/* scratch buffers for virt_to_page() (crypto API) */
|
||||
@@ -99,8 +99,7 @@ static void *lib80211_tkip_init(int key_idx)
|
||||
|
||||
priv->key_idx = key_idx;
|
||||
|
||||
priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
|
||||
CRYPTO_ALG_ASYNC);
|
||||
priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
|
||||
if (IS_ERR(priv->tx_tfm_arc4)) {
|
||||
priv->tx_tfm_arc4 = NULL;
|
||||
goto fail;
|
||||
@@ -112,8 +111,7 @@ static void *lib80211_tkip_init(int key_idx)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
|
||||
CRYPTO_ALG_ASYNC);
|
||||
priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
|
||||
if (IS_ERR(priv->rx_tfm_arc4)) {
|
||||
priv->rx_tfm_arc4 = NULL;
|
||||
goto fail;
|
||||
@@ -130,9 +128,9 @@ static void *lib80211_tkip_init(int key_idx)
|
||||
fail:
|
||||
if (priv) {
|
||||
crypto_free_shash(priv->tx_tfm_michael);
|
||||
crypto_free_skcipher(priv->tx_tfm_arc4);
|
||||
crypto_free_sync_skcipher(priv->tx_tfm_arc4);
|
||||
crypto_free_shash(priv->rx_tfm_michael);
|
||||
crypto_free_skcipher(priv->rx_tfm_arc4);
|
||||
crypto_free_sync_skcipher(priv->rx_tfm_arc4);
|
||||
kfree(priv);
|
||||
}
|
||||
|
||||
@@ -144,9 +142,9 @@ static void lib80211_tkip_deinit(void *priv)
|
||||
struct lib80211_tkip_data *_priv = priv;
|
||||
if (_priv) {
|
||||
crypto_free_shash(_priv->tx_tfm_michael);
|
||||
crypto_free_skcipher(_priv->tx_tfm_arc4);
|
||||
crypto_free_sync_skcipher(_priv->tx_tfm_arc4);
|
||||
crypto_free_shash(_priv->rx_tfm_michael);
|
||||
crypto_free_skcipher(_priv->rx_tfm_arc4);
|
||||
crypto_free_sync_skcipher(_priv->rx_tfm_arc4);
|
||||
}
|
||||
kfree(priv);
|
||||
}
|
||||
@@ -344,7 +342,7 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
|
||||
static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
|
||||
{
|
||||
struct lib80211_tkip_data *tkey = priv;
|
||||
SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
|
||||
SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
|
||||
int len;
|
||||
u8 rc4key[16], *pos, *icv;
|
||||
u32 crc;
|
||||
@@ -374,9 +372,9 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
|
||||
icv[2] = crc >> 16;
|
||||
icv[3] = crc >> 24;
|
||||
|
||||
crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
|
||||
crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
|
||||
sg_init_one(&sg, pos, len + 4);
|
||||
skcipher_request_set_tfm(req, tkey->tx_tfm_arc4);
|
||||
skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4);
|
||||
skcipher_request_set_callback(req, 0, NULL, NULL);
|
||||
skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
|
||||
err = crypto_skcipher_encrypt(req);
|
||||
@@ -400,7 +398,7 @@ static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
|
||||
static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
|
||||
{
|
||||
struct lib80211_tkip_data *tkey = priv;
|
||||
SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
|
||||
SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
|
||||
u8 rc4key[16];
|
||||
u8 keyidx, *pos;
|
||||
u32 iv32;
|
||||
@@ -463,9 +461,9 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
|
||||
|
||||
plen = skb->len - hdr_len - 12;
|
||||
|
||||
crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
|
||||
crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
|
||||
sg_init_one(&sg, pos, plen + 4);
|
||||
skcipher_request_set_tfm(req, tkey->rx_tfm_arc4);
|
||||
skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4);
|
||||
skcipher_request_set_callback(req, 0, NULL, NULL);
|
||||
skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
|
||||
err = crypto_skcipher_decrypt(req);
|
||||
@@ -660,9 +658,9 @@ static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
|
||||
struct lib80211_tkip_data *tkey = priv;
|
||||
int keyidx;
|
||||
struct crypto_shash *tfm = tkey->tx_tfm_michael;
|
||||
struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4;
|
||||
struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4;
|
||||
struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
|
||||
struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4;
|
||||
struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4;
|
||||
|
||||
keyidx = tkey->key_idx;
|
||||
memset(tkey, 0, sizeof(*tkey));
|
||||
|
||||
Reference in New Issue
Block a user