Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

dm crypt: Avoid using MAX_CIPHER_BLOCKSIZE

MAX_CIPHER_BLOCKSIZE is an internal implementation detail and should
not be relied on by users of the Crypto API.

Instead of storing the IV on the stack, allocate it together with
the crypto request.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

+11 -4
+11 -4
drivers/md/dm-crypt.c
··· 31 31 #include <asm/unaligned.h> 32 32 #include <crypto/hash.h> 33 33 #include <crypto/md5.h> 34 - #include <crypto/algapi.h> 35 34 #include <crypto/skcipher.h> 36 35 #include <crypto/aead.h> 37 36 #include <crypto/authenc.h> 37 + #include <crypto/utils.h> 38 38 #include <linux/rtnetlink.h> /* for struct rtattr and RTA macros only */ 39 39 #include <linux/key-type.h> 40 40 #include <keys/user-type.h> ··· 745 745 static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, 746 746 struct dm_crypt_request *dmreq) 747 747 { 748 - u8 buf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(__le64)); 748 + struct crypto_skcipher *tfm = any_tfm(cc); 749 749 struct skcipher_request *req; 750 750 struct scatterlist src, dst; 751 751 DECLARE_CRYPTO_WAIT(wait); 752 + unsigned int reqsize; 752 753 int err; 754 + u8 *buf; 753 755 754 - req = skcipher_request_alloc(any_tfm(cc), GFP_NOIO); 756 + reqsize = ALIGN(crypto_skcipher_reqsize(tfm), __alignof__(__le64)); 757 + 758 + req = kmalloc(reqsize + cc->iv_size, GFP_NOIO); 755 759 if (!req) 756 760 return -ENOMEM; 757 761 762 + skcipher_request_set_tfm(req, tfm); 763 + 764 + buf = (u8 *)req + reqsize; 758 765 memset(buf, 0, cc->iv_size); 759 766 *(__le64 *)buf = cpu_to_le64(dmreq->iv_sector * cc->sector_size); 760 767 ··· 770 763 skcipher_request_set_crypt(req, &src, &dst, cc->iv_size, buf); 771 764 skcipher_request_set_callback(req, 0, crypto_req_done, &wait); 772 765 err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); 773 - skcipher_request_free(req); 766 + kfree_sensitive(req); 774 767 775 768 return err; 776 769 }