From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kees Cook Subject: [PATCH v6 02/18] crypto: cbc: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:20 -0700 Message-ID: <20180724164936.37477-3-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells Return-path: In-Reply-To: <20180724164936.37477-1-keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-crypto.vger.kernel.org In the quest to remove all stack VLA usage from the kernel[1], this uses the upper bounds on blocksize. Since this is always a cipher blocksize, use the existing cipher max blocksize. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org Signed-off-by: Kees Cook --- include/crypto/cbc.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h index f5b8bfc22e6d..47db0aac2ab9 100644 --- a/include/crypto/cbc.h +++ b/include/crypto/cbc.h @@ -113,7 +113,9 @@ static inline int crypto_cbc_decrypt_inplace( unsigned int bsize = crypto_skcipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 last_iv[bsize]; + u8 last_iv[MAX_CIPHER_BLOCKSIZE]; + + BUG_ON(bsize > sizeof(last_iv)); /* Start of the last block. */ src += nbytes - (nbytes & (bsize - 1)) - bsize; -- 2.17.1