Commit 3a58c231 authored by Herbert Xu's avatar Herbert Xu

crypto: cryptd - Use request context instead of stack for sub-request

cryptd is buggy as it tries to use sync_skcipher without going
through the proper sync_skcipher interface.  In fact it doesn't
even need sync_skcipher since it's already a proper skcipher and
can easily access the request context instead of using something
off the stack.

Fixes: 36b3875a ("crypto: cryptd - Remove VLA usage of skcipher")
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 824db5cd
...@@ -68,11 +68,12 @@ struct aead_instance_ctx { ...@@ -68,11 +68,12 @@ struct aead_instance_ctx {
struct cryptd_skcipher_ctx { struct cryptd_skcipher_ctx {
refcount_t refcnt; refcount_t refcnt;
struct crypto_sync_skcipher *child; struct crypto_skcipher *child;
}; };
struct cryptd_skcipher_request_ctx { struct cryptd_skcipher_request_ctx {
crypto_completion_t complete; crypto_completion_t complete;
struct skcipher_request req;
}; };
struct cryptd_hash_ctx { struct cryptd_hash_ctx {
...@@ -227,13 +228,13 @@ static int cryptd_skcipher_setkey(struct crypto_skcipher *parent, ...@@ -227,13 +228,13 @@ static int cryptd_skcipher_setkey(struct crypto_skcipher *parent,
const u8 *key, unsigned int keylen) const u8 *key, unsigned int keylen)
{ {
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(parent); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(parent);
struct crypto_sync_skcipher *child = ctx->child; struct crypto_skcipher *child = ctx->child;
crypto_sync_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
crypto_sync_skcipher_set_flags(child, crypto_skcipher_set_flags(child,
crypto_skcipher_get_flags(parent) & crypto_skcipher_get_flags(parent) &
CRYPTO_TFM_REQ_MASK); CRYPTO_TFM_REQ_MASK);
return crypto_sync_skcipher_setkey(child, key, keylen); return crypto_skcipher_setkey(child, key, keylen);
} }
static void cryptd_skcipher_complete(struct skcipher_request *req, int err) static void cryptd_skcipher_complete(struct skcipher_request *req, int err)
...@@ -258,13 +259,13 @@ static void cryptd_skcipher_encrypt(struct crypto_async_request *base, ...@@ -258,13 +259,13 @@ static void cryptd_skcipher_encrypt(struct crypto_async_request *base,
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req); struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct crypto_sync_skcipher *child = ctx->child; struct skcipher_request *subreq = &rctx->req;
SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child); struct crypto_skcipher *child = ctx->child;
if (unlikely(err == -EINPROGRESS)) if (unlikely(err == -EINPROGRESS))
goto out; goto out;
skcipher_request_set_sync_tfm(subreq, child); skcipher_request_set_tfm(subreq, child);
skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP, skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL); NULL, NULL);
skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
...@@ -286,13 +287,13 @@ static void cryptd_skcipher_decrypt(struct crypto_async_request *base, ...@@ -286,13 +287,13 @@ static void cryptd_skcipher_decrypt(struct crypto_async_request *base,
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req); struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct crypto_sync_skcipher *child = ctx->child; struct skcipher_request *subreq = &rctx->req;
SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child); struct crypto_skcipher *child = ctx->child;
if (unlikely(err == -EINPROGRESS)) if (unlikely(err == -EINPROGRESS))
goto out; goto out;
skcipher_request_set_sync_tfm(subreq, child); skcipher_request_set_tfm(subreq, child);
skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP, skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL); NULL, NULL);
skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
...@@ -343,9 +344,10 @@ static int cryptd_skcipher_init_tfm(struct crypto_skcipher *tfm) ...@@ -343,9 +344,10 @@ static int cryptd_skcipher_init_tfm(struct crypto_skcipher *tfm)
if (IS_ERR(cipher)) if (IS_ERR(cipher))
return PTR_ERR(cipher); return PTR_ERR(cipher);
ctx->child = (struct crypto_sync_skcipher *)cipher; ctx->child = cipher;
crypto_skcipher_set_reqsize( crypto_skcipher_set_reqsize(
tfm, sizeof(struct cryptd_skcipher_request_ctx)); tfm, sizeof(struct cryptd_skcipher_request_ctx) +
crypto_skcipher_reqsize(cipher));
return 0; return 0;
} }
...@@ -353,7 +355,7 @@ static void cryptd_skcipher_exit_tfm(struct crypto_skcipher *tfm) ...@@ -353,7 +355,7 @@ static void cryptd_skcipher_exit_tfm(struct crypto_skcipher *tfm)
{ {
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
crypto_free_sync_skcipher(ctx->child); crypto_free_skcipher(ctx->child);
} }
static void cryptd_skcipher_free(struct skcipher_instance *inst) static void cryptd_skcipher_free(struct skcipher_instance *inst)
...@@ -931,7 +933,7 @@ struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm) ...@@ -931,7 +933,7 @@ struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
{ {
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base); struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return &ctx->child->base; return ctx->child;
} }
EXPORT_SYMBOL_GPL(cryptd_skcipher_child); EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment