[PATCH v2 3/4] crypto: skcipher - Remove VLA usage for SKCIPHER_REQUEST_ON_STACK

From: Kees Cook
Date: Thu Sep 06 2018 - 18:59:22 EST

Next message: Kees Cook: "[PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check"
Previous message: Kees Cook: "[PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
In reply to: Kees Cook: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Next in thread: Kees Cook: "[PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the quest to remove all stack VLA usage from the kernel[1], this caps
the non-ASYNC skcipher request size similar to other limits and adds a
sanity check at usage. After a review of all non-ASYNC algorithm callers
of crypto_skcipher_set_reqsize(), the largest appears to be 384:

4 struct sun4i_cipher_req_ctx
96 struct crypto_rfc3686_req_ctx
375 cts:
160 crypto_skcipher_blocksize(cipher) (max)
152 struct crypto_cts_reqctx
63 align_mask (max)
384 struct rctx (lrw, xts)

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@xxxxxxxxxxxxxx

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
include/crypto/skcipher.h | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 3aabd5d098ed..cca216999bf1 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -144,9 +144,10 @@ struct skcipher_alg {
/*
* This must only ever be used with synchronous algorithms.
*/
+#define MAX_SYNC_SKCIPHER_REQSIZE 384
#define SKCIPHER_REQUEST_ON_STACK(name, tfm) \
char __##name##_desc[sizeof(struct skcipher_request) + \
- crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR = { 1 }; \
+ MAX_SYNC_SKCIPHER_REQSIZE] CRYPTO_MINALIGN_ATTR = { 1 }; \
struct skcipher_request *name = (void *)__##name##_desc

/**
@@ -412,6 +413,17 @@ static inline unsigned int crypto_skcipher_default_keysize(
return tfm->keysize;
}

+/**
+ * crypto_skcipher_reqsize() - obtain size of the request data structure
+ * @tfm: cipher handle
+ *
+ * Return: number of bytes
+ */
+static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm)
+{
+ return tfm->reqsize;
+}
+
/**
* crypto_skcipher_reqtfm() - obtain cipher handle from request
* @req: skcipher_request out of which the cipher handle is to be obtained
@@ -446,6 +458,9 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm_check(
if (WARN_ON(crypto_skcipher_alg(tfm)->base.cra_flags &
CRYPTO_ALG_ASYNC))
return ERR_PTR(-EINVAL);
+ if (WARN_ON(crypto_skcipher_reqsize(tfm) >
+ MAX_SYNC_SKCIPHER_REQSIZE))
+ return ERR_PTR(-ENOSPC);
}

if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
@@ -507,17 +522,6 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req)
* skcipher handle to the crypto_skcipher_* API calls.
*/

-/**
- * crypto_skcipher_reqsize() - obtain size of the request data structure
- * @tfm: cipher handle
- *
- * Return: number of bytes
- */
-static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm)
-{
- return tfm->reqsize;
-}
-
/**
* skcipher_request_set_tfm() - update cipher handle reference in request
* @req: request handle to be modified
--
2.17.1

Next message: Kees Cook: "[PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check"
Previous message: Kees Cook: "[PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
In reply to: Kees Cook: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Next in thread: Kees Cook: "[PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]