From patchwork Tue Oct 22 15:14:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 177205 Delivered-To: patch@linaro.org Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp5002097ill; Tue, 22 Oct 2019 08:14:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqwRr/Xv2E30pvu2hChzlyKn42RbZmvfqkW/aAngaZYvYQJVyn6PaIQd0elroHAL/44/tOQJ X-Received: by 2002:aa7:c248:: with SMTP id y8mr18568297edo.74.1571757287400; Tue, 22 Oct 2019 08:14:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571757287; cv=none; d=google.com; s=arc-20160816; b=eygr7CkhbpRbw/fY0DcNVPyekjAsWcJeZ8+0G70rFrCCCwBqbqYaNLLQdkOSNzdRcr B1c4hJqrcYKy8JC1oVa2Fo91vPpRJ9ERKv2X4bOxzP7ek2uBN+0N4+2uKdYMorJ/n32R GH3N+ku29KYULPSjqGx/TV8zHTS4qH10WeibW+61qOPw02kMpXzjYGQy7iXAx1ZwQj4Z pOWwEdcFNONF0ZQxbvRuDWfGFG3KZiRxW7v/u+3o/a15brz2iy5FmxHzMSIP4frUtzol svPVB9GqdC9Qpn1BFdRTz3sGSzuUOLJEMoVdoggDWhCgcfiG7YfID/IJB2lp+Ov0e9aC kscQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=+XV3Fv+vK2D1wGvzCeXAPGVIjIVfhIvxnnv7oj963Zw=; b=GF3VtmAnUMxdrjfqM2galCkXl4+wveD9PNJXOrn3szO41MQA+sNL78HVYSIz9AUir6 7dCecnSXA4Lfgc7BzbEIfxMsM9+ArwWGC3AFv5wm+8YDGPmhx6dUPxKx0UE7KN4UvXpB G9lPvzqNBLtGBikUeAGmAIj/NXqKiPOMysqL/I/FkfOZKfo/vl2cO0BMM0wUmKmUaOns y45SpijpUozdBJbrOUgFEgmaxCIQDLt2MCMaECVlbH8IWTvbXyncB/K6yAYveacfPHF1 gATYOblS/JQq6mBNQQpGt7pJLHGgpoXxMXQP35tTISWIkE7j3bM+hv/5xOqOupasNG06 vIng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y57si5355512edb.138.2019.10.22.08.14.47; Tue, 22 Oct 2019 08:14:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732163AbfJVPOn (ORCPT + 3 others); Tue, 22 Oct 2019 11:14:43 -0400 Received: from mout.kundenserver.de ([212.227.17.10]:48207 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731217AbfJVPOm (ORCPT ); Tue, 22 Oct 2019 11:14:42 -0400 Received: from threadripper.lan ([149.172.19.189]) by mrelayeu.kundenserver.de (mreue108 [212.227.15.145]) with ESMTPA (Nemesis) id 1Mgefy-1howQO1DYq-00h5Gs; Tue, 22 Oct 2019 17:14:24 +0200 From: Arnd Bergmann To: Antoine Tenart , Herbert Xu , "David S. Miller" Cc: Arnd Bergmann , Pascal van Leeuwen , Pascal van Leeuwen , Ard Biesheuvel , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] [v2] crypto: inside-secure - Reduce stack usage Date: Tue, 22 Oct 2019 17:14:13 +0200 Message-Id: <20191022151421.2070738-1-arnd@arndb.de> X-Mailer: git-send-email 2.20.0 MIME-Version: 1.0 X-Provags-ID: V03:K1:pqcp+K0sEi/P5yFUWgxVVEcF23D/yPVAcJF8awdcfDaTOwqQWoT 2hMql8OAX8C1UJagJ92f3cEMvaA88tFMOpKF7/PNlBb6rgHLhBqrXC+Ty4tdK910Bh6IO24 yv7TswO4T11bJo5BWYhboBfTkiRRcDIbuZ60jWc/2WrL+EfMgBQRR7VMDXkK/xr/xyavD+S HR8c+XJcvaclst8HfNrXA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:vm0p90nu1Aw=:mBHfVJmjuC6ufwmQ85cSXl pbUSEqMbCU8ZRdHQEceAK1WBieArZ3UzZS1wxNAPJB2XJmJftp47PkuL8Qr0KezNIKDu2oeQ4 gI4S2D1xJphSinZTEgR6Y+V4G7BHogwwE4hCFoadAag4MRj1gQ1PSH11CpkMl2zvZtE1nFz0B 8WbaRuflYrLG3aQhioDf0XHwTxpnrcLP4689sPS1jVUX1wQ01heUU4ChPP5unGuXoI8HwypSQ fSpEEvJ7TVXfh0VErIHqn0sX/EK8ZikN5nbrOqt0l8a9qzp6PL1dIRIu+l7z7P3NX8IGDgxag g3sCtPAJl+3cgJd5IxlyIFKwCiR9n5wz2Ir8Rexrq9M+/1meCTi1OKUKNxDIVwVWJyfcOBgra p5OzjyqRI4nNSFit3sqCWzcTejri22MU/8pUAPLW15vmv5adh3bYqC0NIvsxb7ziPfh1Q2vBz rlI9Pa6Dk/uMEeozDIBPa3J36pOPuh6UD7lpBPWFIC4xpV4MD2LLcHTBxnW8khgAWdLvd430f k7v2fFcvEbWDFvjrdrpw4Qxfsoz5OXz9569dcJljkHUq8ayBnPumJXbyXNZWVW/qmBXgR9fkt tAKpc4ZCWYKMTmm9rvFEIfQ/vPzSLTs1pt9w7B99+5CMQjj2JIbEo8hr/4af52xom9akTCTnJ sHlIp3xQNDFQdPMeCHOt+8GZVuOkoKI+jPBH4nT4c0eBSv28rHF52uvwIk+Gsk9y7xBKjBYHP dlGUTk8F/Jepko7SU4SvO5ndDVPU+moB5kHM3tLsJTm8WLy85ayyH6DeKDQGi2pjBxUikZfLJ VmZe+0557bzD5/0mQH9EEcjQbauXJIit5nDOjSqy7SSZURWQXYv7yxJHNNxFiBQ1MQ4824J1J nJSo7tH+M2QtWNtp9CNQ== Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org safexcel_aead_setkey() contains three large stack variables, totalling slightly more than the 1024 byte warning limit: drivers/crypto/inside-secure/safexcel_cipher.c:303:12: error: stack frame size of 1032 bytes in function 'safexcel_aead_setkey' [-Werror,-Wframe-larger-than=] The function already contains a couple of dynamic allocations, so it is likely not performance critical and it can only be called in a context that allows sleeping, so the easiest workaround is to add change it to use dynamic allocations. Combining istate and ostate into a single variable simplifies the allocation at the cost of making it slightly less readable. Alternatively, it should be possible to shrink these allocations as the extra buffers appear to be largely unnecessary, but doing this would be a much more invasive change. Fixes: 0e17e3621a28 ("crypto: inside-secure - add support for authenc(hmac(sha*),rfc3686(ctr(aes))) suites") Signed-off-by: Arnd Bergmann --- v2: rebase against crypto/master --- .../crypto/inside-secure/safexcel_cipher.c | 55 ++++++++++++------- 1 file changed, 36 insertions(+), 19 deletions(-) -- 2.20.0 diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c index 407ebcd8d71f..1aade2fd6f1e 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -354,10 +354,10 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, { struct crypto_tfm *tfm = crypto_aead_tfm(ctfm); struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); - struct safexcel_ahash_export_state istate, ostate; + struct safexcel_ahash_export_state *state; struct safexcel_crypto_priv *priv = ctx->priv; + struct crypto_aes_ctx *aes; struct crypto_authenc_keys keys; - struct crypto_aes_ctx aes; int err = -EINVAL; if (unlikely(crypto_authenc_extractkeys(&keys, key, len))) @@ -387,7 +387,14 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, goto badkey_expflags; break; case SAFEXCEL_AES: - err = aes_expandkey(&aes, keys.enckey, keys.enckeylen); + aes = kzalloc(sizeof(*aes), GFP_KERNEL); + if (!aes) { + err = -ENOMEM; + goto badkey; + } + + err = aes_expandkey(aes, keys.enckey, keys.enckeylen); + kfree(aes); if (unlikely(err)) goto badkey; break; @@ -404,61 +411,71 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, memcmp(ctx->key, keys.enckey, keys.enckeylen)) ctx->base.needs_inv = true; + state = kzalloc(sizeof(struct safexcel_ahash_export_state) * 2, GFP_KERNEL); + if (!state) { + err = -ENOMEM; + goto badkey; + } + /* Auth key */ switch (ctx->hash_alg) { case CONTEXT_CONTROL_CRYPTO_ALG_SHA1: if (safexcel_hmac_setkey("safexcel-sha1", keys.authkey, - keys.authkeylen, &istate, &ostate)) - goto badkey; + keys.authkeylen, &state[0], &state[1])) + goto badkey_free; break; case CONTEXT_CONTROL_CRYPTO_ALG_SHA224: if (safexcel_hmac_setkey("safexcel-sha224", keys.authkey, - keys.authkeylen, &istate, &ostate)) - goto badkey; + keys.authkeylen, &state[0], &state[1])) + goto badkey_free; break; case CONTEXT_CONTROL_CRYPTO_ALG_SHA256: if (safexcel_hmac_setkey("safexcel-sha256", keys.authkey, - keys.authkeylen, &istate, &ostate)) - goto badkey; + keys.authkeylen, &state[0], &state[1])) + goto badkey_free; break; case CONTEXT_CONTROL_CRYPTO_ALG_SHA384: if (safexcel_hmac_setkey("safexcel-sha384", keys.authkey, - keys.authkeylen, &istate, &ostate)) - goto badkey; + keys.authkeylen, &state[0], &state[1])) + goto badkey_free; break; case CONTEXT_CONTROL_CRYPTO_ALG_SHA512: if (safexcel_hmac_setkey("safexcel-sha512", keys.authkey, - keys.authkeylen, &istate, &ostate)) - goto badkey; + keys.authkeylen, &state[0], &state[1])) + goto badkey_free; break; case CONTEXT_CONTROL_CRYPTO_ALG_SM3: if (safexcel_hmac_setkey("safexcel-sm3", keys.authkey, - keys.authkeylen, &istate, &ostate)) + keys.authkeylen, &state[0], &state[1])) goto badkey; break; default: dev_err(priv->dev, "aead: unsupported hash algorithm\n"); - goto badkey; + goto badkey_free; } crypto_aead_set_flags(ctfm, crypto_aead_get_flags(ctfm) & CRYPTO_TFM_RES_MASK); if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma && - (memcmp(ctx->ipad, istate.state, ctx->state_sz) || - memcmp(ctx->opad, ostate.state, ctx->state_sz))) + (memcmp(ctx->ipad, &state[0].state, ctx->state_sz) || + memcmp(ctx->opad, &state[1].state, ctx->state_sz))) ctx->base.needs_inv = true; /* Now copy the keys into the context */ memcpy(ctx->key, keys.enckey, keys.enckeylen); ctx->key_len = keys.enckeylen; - memcpy(ctx->ipad, &istate.state, ctx->state_sz); - memcpy(ctx->opad, &ostate.state, ctx->state_sz); + memcpy(ctx->ipad, &state[0].state, ctx->state_sz); + memcpy(ctx->opad, &state[1].state, ctx->state_sz); memzero_explicit(&keys, sizeof(keys)); + kfree(state); + return 0; +badkey_free: + kfree(state); badkey: crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN); badkey_expflags: