Menu
▾
▴
linux-ima-user — Q&A for users of IMA
This list is closed, nobody may subscribe to it.
| 2007 |
Jan
|
Feb
(10) |
Mar
(26) |
Apr
(8) |
May
(3) |
Jun
|
Jul
(26) |
Aug
(10) |
Sep
|
Oct
|
Nov
(2) |
Dec
(4) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
(13) |
Mar
(4) |
Apr
(3) |
May
(5) |
Jun
|
Jul
(7) |
Aug
(8) |
Sep
(5) |
Oct
(16) |
Nov
|
Dec
(6) |
| 2009 |
Jan
(2) |
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
(19) |
Jul
(4) |
Aug
|
Sep
(13) |
Oct
(10) |
Nov
(12) |
Dec
(2) |
| 2010 |
Jan
|
Feb
(2) |
Mar
(17) |
Apr
(28) |
May
|
Jun
(17) |
Jul
(11) |
Aug
(12) |
Sep
(2) |
Oct
|
Nov
|
Dec
(1) |
| 2011 |
Jan
|
Feb
|
Mar
(20) |
Apr
(10) |
May
(1) |
Jun
|
Jul
|
Aug
(15) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
|
| 2012 |
Jan
(1) |
Feb
(53) |
Mar
(15) |
Apr
(4) |
May
(2) |
Jun
(13) |
Jul
|
Aug
|
Sep
(12) |
Oct
|
Nov
|
Dec
(6) |
| 2013 |
Jan
(7) |
Feb
(8) |
Mar
(4) |
Apr
(5) |
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(6) |
Oct
|
Nov
(5) |
Dec
(8) |
| 2014 |
Jan
(17) |
Feb
(24) |
Mar
(8) |
Apr
(7) |
May
(18) |
Jun
(15) |
Jul
(5) |
Aug
(2) |
Sep
(49) |
Oct
(28) |
Nov
(7) |
Dec
(30) |
| 2015 |
Jan
(40) |
Feb
|
Mar
(9) |
Apr
(2) |
May
(9) |
Jun
(31) |
Jul
(33) |
Aug
(5) |
Sep
(20) |
Oct
|
Nov
(3) |
Dec
(12) |
| 2016 |
Jan
(14) |
Feb
(29) |
Mar
(10) |
Apr
(4) |
May
(4) |
Jun
|
Jul
(5) |
Aug
(19) |
Sep
(21) |
Oct
(2) |
Nov
(36) |
Dec
(30) |
| 2017 |
Jan
(101) |
Feb
(12) |
Mar
(7) |
Apr
(2) |
May
(29) |
Jun
(22) |
Jul
(7) |
Aug
(93) |
Sep
(27) |
Oct
(39) |
Nov
|
Dec
|
|
From: <be...@co...> - 2014-09-23 04:42:59
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
---
drivers/crypto/ccp/ccp-crypto-sha.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
index 873f234..9653157 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -198,10 +198,9 @@ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
{
struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
struct crypto_shash *shash = ctx->u.sha.hmac_tfm;
- struct {
- struct shash_desc sdesc;
- char ctx[crypto_shash_descsize(shash)];
- } desc;
+
+ SHASH_DESC_ON_STACK(sdesc, shash);
+
unsigned int block_size = crypto_shash_blocksize(shash);
unsigned int digest_size = crypto_shash_digestsize(shash);
int i, ret;
@@ -216,11 +215,11 @@ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
if (key_len > block_size) {
/* Must hash the input key */
- desc.sdesc.tfm = shash;
- desc.sdesc.flags = crypto_ahash_get_flags(tfm) &
+ sdesc->tfm = shash;
+ sdesc->flags = crypto_ahash_get_flags(tfm) &
CRYPTO_TFM_REQ_MAY_SLEEP;
- ret = crypto_shash_digest(&desc.sdesc, key, key_len,
+ ret = crypto_shash_digest(sdesc, key, key_len,
ctx->u.sha.key);
if (ret) {
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:42:57
|
From: Vinícius Tinti <vin...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch instead allocates the appropriate amount of
memory using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Vinícius Tinti <vin...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Acked-by: Chris Mason <cl...@fb...>
Acked-by: Herbert Xu <he...@go...>
Cc: "David S. Miller" <da...@da...>
---
fs/btrfs/hash.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/fs/btrfs/hash.c b/fs/btrfs/hash.c
index 85889aa..4bf4d3a 100644
--- a/fs/btrfs/hash.c
+++ b/fs/btrfs/hash.c
@@ -33,18 +33,16 @@ void btrfs_hash_exit(void)
u32 btrfs_crc32c(u32 crc, const void *address, unsigned int length)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
+ u32 *ctx = (u32 *)shash_desc_ctx(shash);
int err;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
- *(u32 *)desc.ctx = crc;
+ shash->tfm = tfm;
+ shash->flags = 0;
+ *ctx = crc;
- err = crypto_shash_update(&desc.shash, address, length);
+ err = crypto_shash_update(shash, address, length);
BUG_ON(err);
- return *(u32 *)desc.ctx;
+ return *ctx;
}
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:42:53
|
From: Behan Webster <be...@co...>
Add a macro which replaces the use of a Variable Length Array In Struct (VLAIS)
with a C99 compliant equivalent. This macro instead allocates the appropriate
amount of memory using an char array.
The new code can be compiled with both gcc and clang.
struct shash_desc contains a flexible array member member ctx declared with
CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning
of the array declared after struct shash_desc with long long.
No trailing padding is required because it is not a struct type that can
be used in an array.
The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long
as would be the case for a struct containing a member with
CRYPTO_MINALIGN_ATTR.
If you want to get to the ctx at the end of the shash_desc as before you can do
so using shash_desc_ctx(shash)
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: Michał Mirosław <mi...@gm...>
---
include/crypto/hash.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index a391955..74b13ec 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -58,6 +58,11 @@ struct shash_desc {
void *__ctx[] CRYPTO_MINALIGN_ATTR;
};
+#define SHASH_DESC_ON_STACK(shash, ctx) \
+ char __##shash##_desc[sizeof(struct shash_desc) + \
+ crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \
+ struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
+
struct shash_alg {
int (*init)(struct shash_desc *desc);
int (*update)(struct shash_desc *desc, const u8 *data,
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:42:51
|
From: Behan Webster <be...@co...> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99 compliant equivalent. These patches allocate the appropriate amount of memory using a char array using the SHASH_DESC_ON_STACK macro. There are places in the kernel whose maintainers have previously taken our patches to remove VLAIS from their crypto code. Once this patch set is accepted into mainline, I'll go back and resubmit patches to these maintainers to use this new macro so the same approach is used consistently in all places in the kernel. The LLVMLinux project aims to fully build the Linux kernel using both gcc and clang (the C front end for the LLVM compiler infrastructure project). Behan Webster (6): crypto: LLVMLinux: Add macro to remove use of VLAIS in crypto code crypto: LLVMLinux: Remove VLAIS from crypto/mv_cesa.c crypto: LLVMLinux: Remove VLAIS from crypto/n2_core.c crypto: LLVMLinux: Remove VLAIS from crypto/omap_sham.c crypto: LLVMLinux: Remove VLAIS from crypto/.../qat_algs.c security, crypto: LLVMLinux: Remove VLAIS from ima_crypto.c Jan-Simon Möller (5): crypto: LLVMLinux: Remove VLAIS from crypto/ccp/ccp-crypto-sha.c crypto, dm: LLVMLinux: Remove VLAIS usage from dm-crypt crypto: LLVMLinux: Remove VLAIS usage from crypto/hmac.c crypto: LLVMLinux: Remove VLAIS usage from libcrc32c.c crypto: LLVMLinux: Remove VLAIS usage from crypto/testmgr.c Vinícius Tinti (1): btrfs: LLVMLinux: Remove VLAIS crypto/hmac.c | 25 ++++++++--------- crypto/testmgr.c | 14 ++++------ drivers/crypto/ccp/ccp-crypto-sha.c | 13 ++++----- drivers/crypto/mv_cesa.c | 41 ++++++++++++---------------- drivers/crypto/n2_core.c | 11 +++----- drivers/crypto/omap-sham.c | 28 ++++++++----------- drivers/crypto/qat/qat_common/qat_algs.c | 31 ++++++++++----------- drivers/md/dm-crypt.c | 34 ++++++++++------------- fs/btrfs/hash.c | 16 +++++------ include/crypto/hash.h | 5 ++++ lib/libcrc32c.c | 16 +++++------ security/integrity/ima/ima_crypto.c | 47 +++++++++++++------------------- 12 files changed, 122 insertions(+), 159 deletions(-) -- 1.9.1 |
|
From: Behan W. <be...@co...> - 2014-09-17 15:26:30
|
On 09/17/14 04:30, Herbert Xu wrote: > On Wed, Sep 17, 2014 at 02:15:40PM +0300, Dmitry Kasatkin wrote: >> On 17/09/14 12:22, Herbert Xu wrote: >>> On Mon, Sep 15, 2014 at 12:30:23AM -0700, be...@co... wrote: >>>> From: Behan Webster <be...@co...> >>>> >>>> Add a macro which replaces the use of a Variable Length Array In Struct (VLAIS) >>>> with a C99 compliant equivalent. This macro instead allocates the appropriate >>>> amount of memory using an char array. >>>> >>>> The new code can be compiled with both gcc and clang. >>>> >>>> struct shash_desc contains a flexible array member member ctx declared with >>>> CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning >>>> of the array declared after struct shash_desc with long long. >>>> >>>> No trailing padding is required because it is not a struct type that can >>>> be used in an array. >>>> >>>> The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long >>>> as would be the case for a struct containing a member with >>>> CRYPTO_MINALIGN_ATTR. >>>> >>>> Signed-off-by: Behan Webster <be...@co...> >>> Acked-by: Herbert Xu <he...@go...> >>> >>> Thanks, >> Just in case. >> I would still follow advice from "Michał Mirosław" to use shash##__desc[] Absolutely. I will be posting a v4 patchset . Just waiting a bit more for more comments on v3. The macro from v4 will look like this which I believe will satisfy the concern and indeed be safer than my previous version. +#define SHASH_DESC_ON_STACK(shash, tfm) \ + char __##shash##_desc[sizeof(struct shash_desc) + \ + crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + struct shash_desc *shash = (struct shash_desc *)__##shash##_desc Hmm. Is it worth adding a comment with this macro explaining the reason this works? Essentially much of what is in the commit message? > Oh yes of course. My ack is more about the approach. Wonderful! Indeed. I would have asked for you to wait for v4 anyways. :) Thank you, Behan -- Behan Webster be...@co... |
|
From: Chris M. <cl...@fb...> - 2014-09-17 14:17:37
|
On 09/15/2014 03:30 AM, be...@co... wrote:
> From: Vinícius Tinti <vin...@gm...>
>
> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
> compliant equivalent. This is the original VLAIS struct.
>
> struct {
> struct shash_desc shash;
> char ctx[crypto_shash_descsize(tfm)];
> } desc;
>
> This patch instead allocates the appropriate amount of memory using a
> char array using the SHASH_DESC_ON_STACK macro.
>
> The new code can be compiled with both gcc and clang.
>
> Signed-off-by: Vinícius Tinti <vin...@gm...>
> Reviewed-by: Jan-Simon Möller <dl...@gm...>
> Reviewed-by: Mark Charlebois <cha...@gm...>
> Signed-off-by: Behan Webster <be...@co...>
> Cc: "David S. Miller" <da...@da...>
> Cc: Herbert Xu <he...@go...>
Acked-by: Chris Mason <cl...@fb...>
On the btrfs bits. Thanks for the v3.
-chris
|
|
From: Herbert Xu <he...@go...> - 2014-09-17 11:31:15
|
On Wed, Sep 17, 2014 at 02:15:40PM +0300, Dmitry Kasatkin wrote: > On 17/09/14 12:22, Herbert Xu wrote: > > On Mon, Sep 15, 2014 at 12:30:23AM -0700, be...@co... wrote: > >> From: Behan Webster <be...@co...> > >> > >> Add a macro which replaces the use of a Variable Length Array In Struct (VLAIS) > >> with a C99 compliant equivalent. This macro instead allocates the appropriate > >> amount of memory using an char array. > >> > >> The new code can be compiled with both gcc and clang. > >> > >> struct shash_desc contains a flexible array member member ctx declared with > >> CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning > >> of the array declared after struct shash_desc with long long. > >> > >> No trailing padding is required because it is not a struct type that can > >> be used in an array. > >> > >> The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long > >> as would be the case for a struct containing a member with > >> CRYPTO_MINALIGN_ATTR. > >> > >> Signed-off-by: Behan Webster <be...@co...> > > Acked-by: Herbert Xu <he...@go...> > > > > Thanks, > > Just in case. > I would still follow advice from "Michał Mirosław" to use shash##__desc[] Oh yes of course. My ack is more about the approach. Cheers, -- Email: Herbert Xu <he...@go...> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt |
|
From: Dmitry K. <d.k...@sa...> - 2014-09-17 11:15:20
|
On 17/09/14 12:22, Herbert Xu wrote: > On Mon, Sep 15, 2014 at 12:30:23AM -0700, be...@co... wrote: >> From: Behan Webster <be...@co...> >> >> Add a macro which replaces the use of a Variable Length Array In Struct (VLAIS) >> with a C99 compliant equivalent. This macro instead allocates the appropriate >> amount of memory using an char array. >> >> The new code can be compiled with both gcc and clang. >> >> struct shash_desc contains a flexible array member member ctx declared with >> CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning >> of the array declared after struct shash_desc with long long. >> >> No trailing padding is required because it is not a struct type that can >> be used in an array. >> >> The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long >> as would be the case for a struct containing a member with >> CRYPTO_MINALIGN_ATTR. >> >> Signed-off-by: Behan Webster <be...@co...> > Acked-by: Herbert Xu <he...@go...> > > Thanks, Just in case. I would still follow advice from "Michał Mirosław" to use shash##__desc[] - Dmitry |
|
From: Herbert Xu <he...@go...> - 2014-09-17 10:07:34
|
On Mon, Sep 15, 2014 at 12:30:23AM -0700, be...@co... wrote: > From: Behan Webster <be...@co...> > > Add a macro which replaces the use of a Variable Length Array In Struct (VLAIS) > with a C99 compliant equivalent. This macro instead allocates the appropriate > amount of memory using an char array. > > The new code can be compiled with both gcc and clang. > > struct shash_desc contains a flexible array member member ctx declared with > CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning > of the array declared after struct shash_desc with long long. > > No trailing padding is required because it is not a struct type that can > be used in an array. > > The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long > as would be the case for a struct containing a member with > CRYPTO_MINALIGN_ATTR. > > Signed-off-by: Behan Webster <be...@co...> Acked-by: Herbert Xu <he...@go...> Thanks, -- Email: Herbert Xu <he...@go...> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt |
|
From: Dmitry K. <d.k...@sa...> - 2014-09-17 08:43:13
|
Hello,
It seems the patch does not change default behavior which forbids
opening files with O_DIRECT when IMA is enabled.
It only disallows policy to have permit_directio option to "permit"
opening of files with O_DIRECT.
Was it the real intention of the patch?
I could imaging such patch which change default behavior and "allow" to
open files with O_DIRECT without permit_directio policy option.
Otherwise I feel it does not bring any advantage over policy option.
Thanks,
Dmitry
On 16/09/14 23:12, Mimi Zohar wrote:
> Commit f9b2a73 "ima: audit log files opened with "O_DIRECT"
> resolved a lockdep, by defining the "permit_directio" policy rule
> option, which allowed files to be opened without being measured,
> appraised or audit logged. All other files opened with the
> "O_DIRECT" flag were denied.
>
> Since not all file systems support the "O_DIRECT" flag, on failure
> applications are suppose to automatically retry opening the file
> without the flag. This is indeed what happens for the original
> Debian boot lockdep report ("CONCURRENCY=makefile").
>
> Unfortunately it is impossible to know whether all applications
> fallback to opening the file without the O_DIRECT flag. For now,
> this patch further restricts allowing the "permit_directio" policy
> option requiring it to be configured.
>
> Signed-off-by: Mimi Zohar <zo...@li...>
> ---
> security/integrity/ima/Kconfig | 14 ++++++++++++++
> security/integrity/ima/ima_policy.c | 4 ++++
> 2 files changed, 18 insertions(+)
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index e099875..5a4d483 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -44,6 +44,20 @@ config IMA_LSM_RULES
> help
> Disabling this option will disregard LSM based policy rules.
>
> +config IMA_PERMIT_DIRECTIO
> + bool "permit files opened with O_DIRECT flag"
> + depends on IMA
> + default n
> + help
> + Since not all files systems support the open "O_DIRECT" flag,
> + on failure applications are suppose to retry opening the file
> + without it. For those applications that absolutely require
> + "O_DIRECT", permit the open without measuring, appraising or
> + audit logging the file.
> +
> + Permitting open with O_DIRECT flag will result in measurement,
> + appraisal, or audit logging gaps. Not recommended.
> +
> choice
> prompt "Default template"
> default IMA_NG_TEMPLATE
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 07099a8..7bd774e 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -629,7 +629,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> result = -EINVAL;
> break;
> case Opt_permit_directio:
> +#ifdef CONFIG_IMA_PERMIT_DIRECTIO
> entry->flags |= IMA_PERMIT_DIRECTIO;
> +#else
> + result = -EINVAL;
> +#endif
> break;
> case Opt_err:
> ima_log_string(ab, "UNKNOWN", p);
|
|
From: Mimi Z. <zo...@li...> - 2014-09-16 20:12:13
|
Commit f9b2a73 "ima: audit log files opened with "O_DIRECT"
resolved a lockdep, by defining the "permit_directio" policy rule
option, which allowed files to be opened without being measured,
appraised or audit logged. All other files opened with the
"O_DIRECT" flag were denied.
Since not all file systems support the "O_DIRECT" flag, on failure
applications are suppose to automatically retry opening the file
without the flag. This is indeed what happens for the original
Debian boot lockdep report ("CONCURRENCY=makefile").
Unfortunately it is impossible to know whether all applications
fallback to opening the file without the O_DIRECT flag. For now,
this patch further restricts allowing the "permit_directio" policy
option requiring it to be configured.
Signed-off-by: Mimi Zohar <zo...@li...>
---
security/integrity/ima/Kconfig | 14 ++++++++++++++
security/integrity/ima/ima_policy.c | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index e099875..5a4d483 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -44,6 +44,20 @@ config IMA_LSM_RULES
help
Disabling this option will disregard LSM based policy rules.
+config IMA_PERMIT_DIRECTIO
+ bool "permit files opened with O_DIRECT flag"
+ depends on IMA
+ default n
+ help
+ Since not all files systems support the open "O_DIRECT" flag,
+ on failure applications are suppose to retry opening the file
+ without it. For those applications that absolutely require
+ "O_DIRECT", permit the open without measuring, appraising or
+ audit logging the file.
+
+ Permitting open with O_DIRECT flag will result in measurement,
+ appraisal, or audit logging gaps. Not recommended.
+
choice
prompt "Default template"
default IMA_NG_TEMPLATE
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 07099a8..7bd774e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -629,7 +629,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
result = -EINVAL;
break;
case Opt_permit_directio:
+#ifdef CONFIG_IMA_PERMIT_DIRECTIO
entry->flags |= IMA_PERMIT_DIRECTIO;
+#else
+ result = -EINVAL;
+#endif
break;
case Opt_err:
ima_log_string(ab, "UNKNOWN", p);
--
1.8.1.4
|
|
From: Behan W. <be...@co...> - 2014-09-15 14:25:58
|
On 09/15/14 07:21, Linus Torvalds wrote: > On Mon, Sep 15, 2014 at 12:30 AM, <be...@co...> wrote: >> From: Behan Webster <be...@co...> >> >> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99 >> compliant equivalent. This patch allocates the appropriate amount of memory >> using a char array using the SHASH_DESC_ON_STACK macro. > You only made the first case use SHASH_DESC_ON_STACK, the two other > cases you left in the ugly format. Was that just an oversight, or was > there some reason for it? > Oversight. Will Fix. Behan -- Behan Webster be...@co... |
|
From: Linus T. <tor...@li...> - 2014-09-15 14:21:53
|
On Mon, Sep 15, 2014 at 12:30 AM, <be...@co...> wrote:
> From: Behan Webster <be...@co...>
>
> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
> compliant equivalent. This patch allocates the appropriate amount of memory
> using a char array using the SHASH_DESC_ON_STACK macro.
You only made the first case use SHASH_DESC_ON_STACK, the two other
cases you left in the ugly format. Was that just an oversight, or was
there some reason for it?
Linus
|
|
From: Behan W. <be...@co...> - 2014-09-15 08:37:55
|
On 09/15/14 01:06, Michał Mirosław wrote: > 2014-09-15 9:30 GMT+02:00 <be...@co...>: > [...] >> +#define SHASH_DESC_ON_STACK(shash, tfm) \ >> + char __desc[sizeof(struct shash_desc) + \ >> + crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR; \ >> + struct shash_desc *shash = (struct shash_desc *)__desc >> + > char shash##__desc[] or similar? Otherwise it won't work if you use > this macro twice in the same block. > > Best Regards, > Michał Mirosław Good thinking. Will fix. Behan -- Behan Webster be...@co... |
|
From: Michał M. <mi...@gm...> - 2014-09-15 08:07:21
|
2014-09-15 9:30 GMT+02:00 <be...@co...>: [...] > +#define SHASH_DESC_ON_STACK(shash, tfm) \ > + char __desc[sizeof(struct shash_desc) + \ > + crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR; \ > + struct shash_desc *shash = (struct shash_desc *)__desc > + char shash##__desc[] or similar? Otherwise it won't work if you use this macro twice in the same block. Best Regards, Michał Mirosław |
|
From: <be...@co...> - 2014-09-15 07:32:06
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Cc: pag...@fr...
---
crypto/testmgr.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ac2b631..b959c0c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1714,16 +1714,14 @@ static int alg_test_crc32c(const struct alg_test_desc *desc,
}
do {
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(shash, tfm);
+ u32 *ctx = (u32 *)shash_desc_ctx(shash);
- sdesc.shash.tfm = tfm;
- sdesc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
- *(u32 *)sdesc.ctx = le32_to_cpu(420553207);
- err = crypto_shash_final(&sdesc.shash, (u8 *)&val);
+ *ctx = le32_to_cpu(420553207);
+ err = crypto_shash_final(shash, (u8 *)&val);
if (err) {
printk(KERN_ERR "alg: crc32c: Operation failed for "
"%s: %d\n", driver, err);
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:32:04
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Cc: pag...@fr...
Cc: "David S. Miller" <da...@da...>
Cc: Herbert Xu <he...@go...>
---
lib/libcrc32c.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
index b3131f5..6a08ce7 100644
--- a/lib/libcrc32c.c
+++ b/lib/libcrc32c.c
@@ -41,20 +41,18 @@ static struct crypto_shash *tfm;
u32 crc32c(u32 crc, const void *address, unsigned int length)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
+ u32 *ctx = (u32 *)shash_desc_ctx(shash);
int err;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
- *(u32 *)desc.ctx = crc;
+ shash->tfm = tfm;
+ shash->flags = 0;
+ *ctx = crc;
- err = crypto_shash_update(&desc.shash, address, length);
+ err = crypto_shash_update(shash, address, length);
BUG_ON(err);
- return *(u32 *)desc.ctx;
+ return *ctx;
}
EXPORT_SYMBOL(crc32c);
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:32:03
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Cc: tg...@li...
---
security/integrity/ima/ima_crypto.c | 51 +++++++++++++++++--------------------
1 file changed, 23 insertions(+), 28 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 0bd7328..bb55737 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
loff_t i_size, offset = 0;
char *rbuf;
int rc, read = 0;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
break;
offset += rbuf_len;
- rc = crypto_shash_update(&desc.shash, rbuf, rbuf_len);
+ rc = crypto_shash_update(shash, rbuf, rbuf_len);
if (rc)
break;
}
@@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
kfree(rbuf);
out:
if (!rc)
- rc = crypto_shash_final(&desc.shash, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -487,18 +484,17 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ char desc[sizeof(struct shash_desc) +
+ crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR;
+ struct shash_desc *shash = (struct shash_desc *)desc;
int rc, i;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -508,7 +504,7 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
u32 datalen = field_data[i].len;
if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
- rc = crypto_shash_update(&desc.shash,
+ rc = crypto_shash_update(shash,
(const u8 *) &field_data[i].len,
sizeof(field_data[i].len));
if (rc)
@@ -518,13 +514,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
- rc = crypto_shash_update(&desc.shash, data_to_hash, datalen);
+ rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
}
if (!rc)
- rc = crypto_shash_final(&desc.shash, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -565,15 +561,14 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ char desc[sizeof(struct shash_desc) +
+ crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR;
+ struct shash_desc *shash = (struct shash_desc *)desc;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -581,10 +576,10 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
for (i = TPM_PCR0; i < TPM_PCR8; i++) {
ima_pcrread(i, pcr_i);
/* now accumulate with current aggregate */
- rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
}
if (!rc)
- crypto_shash_final(&desc.shash, digest);
+ crypto_shash_final(shash, digest);
return rc;
}
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:58
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Cc: pag...@fr...
---
crypto/hmac.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 8d9544c..e392219 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -52,20 +52,17 @@ static int hmac_setkey(struct crypto_shash *parent,
struct hmac_ctx *ctx = align_ptr(opad + ss,
crypto_tfm_ctx_alignment());
struct crypto_shash *hash = ctx->hash;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(hash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, hash);
unsigned int i;
- desc.shash.tfm = hash;
- desc.shash.flags = crypto_shash_get_flags(parent) &
- CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = hash;
+ shash->flags = crypto_shash_get_flags(parent)
+ & CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
int err;
- err = crypto_shash_digest(&desc.shash, inkey, keylen, ipad);
+ err = crypto_shash_digest(shash, inkey, keylen, ipad);
if (err)
return err;
@@ -81,12 +78,12 @@ static int hmac_setkey(struct crypto_shash *parent,
opad[i] ^= 0x5c;
}
- return crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, ipad, bs) ?:
- crypto_shash_export(&desc.shash, ipad) ?:
- crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, opad, bs) ?:
- crypto_shash_export(&desc.shash, opad);
+ return crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, ipad, bs) ?:
+ crypto_shash_export(shash, ipad) ?:
+ crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, opad, bs) ?:
+ crypto_shash_export(shash, opad);
}
static int hmac_export(struct shash_desc *pdesc, void *out)
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:54
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Cc: pag...@fr...
Cc: gma...@gm...
Cc: "David S. Miller" <da...@da...>
Cc: Herbert Xu <he...@go...>
---
drivers/md/dm-crypt.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index cd15e08..fc93b93 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -526,29 +526,26 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
u8 *data)
{
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
- struct {
- struct shash_desc desc;
- char ctx[crypto_shash_descsize(lmk->hash_tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
struct md5_state md5state;
__le32 buf[4];
int i, r;
- sdesc.desc.tfm = lmk->hash_tfm;
- sdesc.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ desc->tfm = lmk->hash_tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
- r = crypto_shash_init(&sdesc.desc);
+ r = crypto_shash_init(desc);
if (r)
return r;
if (lmk->seed) {
- r = crypto_shash_update(&sdesc.desc, lmk->seed, LMK_SEED_SIZE);
+ r = crypto_shash_update(desc, lmk->seed, LMK_SEED_SIZE);
if (r)
return r;
}
/* Sector is always 512B, block size 16, add data of blocks 1-31 */
- r = crypto_shash_update(&sdesc.desc, data + 16, 16 * 31);
+ r = crypto_shash_update(desc, data + 16, 16 * 31);
if (r)
return r;
@@ -557,12 +554,12 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
buf[1] = cpu_to_le32((((u64)dmreq->iv_sector >> 32) & 0x00FFFFFF) | 0x80000000);
buf[2] = cpu_to_le32(4024);
buf[3] = 0;
- r = crypto_shash_update(&sdesc.desc, (u8 *)buf, sizeof(buf));
+ r = crypto_shash_update(desc, (u8 *)buf, sizeof(buf));
if (r)
return r;
/* No MD5 padding here */
- r = crypto_shash_export(&sdesc.desc, &md5state);
+ r = crypto_shash_export(desc, &md5state);
if (r)
return r;
@@ -679,10 +676,7 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc,
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
u64 sector = cpu_to_le64((u64)dmreq->iv_sector);
u8 buf[TCW_WHITENING_SIZE];
- struct {
- struct shash_desc desc;
- char ctx[crypto_shash_descsize(tcw->crc32_tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm);
int i, r;
/* xor whitening with sector number */
@@ -691,16 +685,16 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc,
crypto_xor(&buf[8], (u8 *)§or, 8);
/* calculate crc32 for every 32bit part and xor it */
- sdesc.desc.tfm = tcw->crc32_tfm;
- sdesc.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ desc->tfm = tcw->crc32_tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
for (i = 0; i < 4; i++) {
- r = crypto_shash_init(&sdesc.desc);
+ r = crypto_shash_init(desc);
if (r)
goto out;
- r = crypto_shash_update(&sdesc.desc, &buf[i * 4], 4);
+ r = crypto_shash_update(desc, &buf[i * 4], 4);
if (r)
goto out;
- r = crypto_shash_final(&sdesc.desc, &buf[i * 4]);
+ r = crypto_shash_final(desc, &buf[i * 4]);
if (r)
goto out;
}
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:48
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
---
drivers/crypto/qat/qat_common/qat_algs.c | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 59df488..9cabadd 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -152,10 +152,7 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
const uint8_t *auth_key,
unsigned int auth_keylen, uint8_t *auth_state)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(ctx->hash_tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, ctx->hash_tfm);
struct sha1_state sha1;
struct sha256_state sha256;
struct sha512_state sha512;
@@ -167,12 +164,12 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
__be64 *hash512_state_out;
int i, offset;
- desc.shash.tfm = ctx->hash_tfm;
- desc.shash.flags = 0x0;
+ shash->tfm = ctx->hash_tfm;
+ shash->flags = 0x0;
if (auth_keylen > block_size) {
char buff[SHA512_BLOCK_SIZE];
- int ret = crypto_shash_digest(&desc.shash, auth_key,
+ int ret = crypto_shash_digest(shash, auth_key,
auth_keylen, buff);
if (ret)
return ret;
@@ -195,10 +192,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
*opad_ptr ^= 0x5C;
}
- if (crypto_shash_init(&desc.shash))
+ if (crypto_shash_init(shash))
return -EFAULT;
- if (crypto_shash_update(&desc.shash, ipad, block_size))
+ if (crypto_shash_update(shash, ipad, block_size))
return -EFAULT;
hash_state_out = (__be32 *)hash->sha.state1;
@@ -206,19 +203,19 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
switch (ctx->qat_hash_alg) {
case ICP_QAT_HW_AUTH_ALGO_SHA1:
- if (crypto_shash_export(&desc.shash, &sha1))
+ if (crypto_shash_export(shash, &sha1))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha1.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA256:
- if (crypto_shash_export(&desc.shash, &sha256))
+ if (crypto_shash_export(shash, &sha256))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha256.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA512:
- if (crypto_shash_export(&desc.shash, &sha512))
+ if (crypto_shash_export(shash, &sha512))
return -EFAULT;
for (i = 0; i < digest_size >> 3; i++, hash512_state_out++)
*hash512_state_out = cpu_to_be64(*(sha512.state + i));
@@ -227,10 +224,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
return -EFAULT;
}
- if (crypto_shash_init(&desc.shash))
+ if (crypto_shash_init(shash))
return -EFAULT;
- if (crypto_shash_update(&desc.shash, opad, block_size))
+ if (crypto_shash_update(shash, opad, block_size))
return -EFAULT;
offset = round_up(qat_get_inter_state_size(ctx->qat_hash_alg), 8);
@@ -239,19 +236,19 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
switch (ctx->qat_hash_alg) {
case ICP_QAT_HW_AUTH_ALGO_SHA1:
- if (crypto_shash_export(&desc.shash, &sha1))
+ if (crypto_shash_export(shash, &sha1))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha1.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA256:
- if (crypto_shash_export(&desc.shash, &sha256))
+ if (crypto_shash_export(shash, &sha256))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha256.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA512:
- if (crypto_shash_export(&desc.shash, &sha512))
+ if (crypto_shash_export(shash, &sha512))
return -EFAULT;
for (i = 0; i < digest_size >> 3; i++, hash512_state_out++)
*hash512_state_out = cpu_to_be64(*(sha512.state + i));
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:48
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
---
drivers/crypto/omap-sham.c | 28 +++++++++++-----------------
1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 710d863..24ef489 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -949,17 +949,14 @@ static int omap_sham_finish_hmac(struct ahash_request *req)
struct omap_sham_hmac_ctx *bctx = tctx->base;
int bs = crypto_shash_blocksize(bctx->shash);
int ds = crypto_shash_digestsize(bctx->shash);
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(bctx->shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, bctx->shash);
- desc.shash.tfm = bctx->shash;
- desc.shash.flags = 0; /* not CRYPTO_TFM_REQ_MAY_SLEEP */
+ shash->tfm = bctx->shash;
+ shash->flags = 0; /* not CRYPTO_TFM_REQ_MAY_SLEEP */
- return crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, bctx->opad, bs) ?:
- crypto_shash_finup(&desc.shash, req->result, ds, req->result);
+ return crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, bctx->opad, bs) ?:
+ crypto_shash_finup(shash, req->result, ds, req->result);
}
static int omap_sham_finish(struct ahash_request *req)
@@ -1118,18 +1115,15 @@ static int omap_sham_update(struct ahash_request *req)
return omap_sham_enqueue(req, OP_UPDATE);
}
-static int omap_sham_shash_digest(struct crypto_shash *shash, u32 flags,
+static int omap_sham_shash_digest(struct crypto_shash *tfm, u32 flags,
const u8 *data, unsigned int len, u8 *out)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = shash;
- desc.shash.flags = flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = tfm;
+ shash->flags = flags & CRYPTO_TFM_REQ_MAY_SLEEP;
- return crypto_shash_digest(&desc.shash, data, len, out);
+ return crypto_shash_digest(shash, data, len, out);
}
static int omap_sham_final_shash(struct ahash_request *req)
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:43
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
---
drivers/crypto/mv_cesa.c | 41 ++++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c
index 29d0ee5..032c72c 100644
--- a/drivers/crypto/mv_cesa.c
+++ b/drivers/crypto/mv_cesa.c
@@ -402,26 +402,23 @@ static int mv_hash_final_fallback(struct ahash_request *req)
{
const struct mv_tfm_hash_ctx *tfm_ctx = crypto_tfm_ctx(req->base.tfm);
struct mv_req_hash_ctx *req_ctx = ahash_request_ctx(req);
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm_ctx->fallback)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm_ctx->fallback);
int rc;
- desc.shash.tfm = tfm_ctx->fallback;
- desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = tfm_ctx->fallback;
+ shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
if (unlikely(req_ctx->first_hash)) {
- crypto_shash_init(&desc.shash);
- crypto_shash_update(&desc.shash, req_ctx->buffer,
+ crypto_shash_init(shash);
+ crypto_shash_update(shash, req_ctx->buffer,
req_ctx->extra_bytes);
} else {
/* only SHA1 for now....
*/
- rc = mv_hash_import_sha1_ctx(req_ctx, &desc.shash);
+ rc = mv_hash_import_sha1_ctx(req_ctx, shash);
if (rc)
goto out;
}
- rc = crypto_shash_final(&desc.shash, req->result);
+ rc = crypto_shash_final(shash, req->result);
out:
return rc;
}
@@ -794,23 +791,21 @@ static int mv_hash_setkey(struct crypto_ahash *tfm, const u8 * key,
ss = crypto_shash_statesize(ctx->base_hash);
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(ctx->base_hash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, ctx->base_hash);
+
unsigned int i;
char ipad[ss];
char opad[ss];
- desc.shash.tfm = ctx->base_hash;
- desc.shash.flags = crypto_shash_get_flags(ctx->base_hash) &
+ shash->tfm = ctx->base_hash;
+ shash->flags = crypto_shash_get_flags(ctx->base_hash) &
CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
int err;
err =
- crypto_shash_digest(&desc.shash, key, keylen, ipad);
+ crypto_shash_digest(shash, key, keylen, ipad);
if (err)
return err;
@@ -826,12 +821,12 @@ static int mv_hash_setkey(struct crypto_ahash *tfm, const u8 * key,
opad[i] ^= 0x5c;
}
- rc = crypto_shash_init(&desc.shash) ? :
- crypto_shash_update(&desc.shash, ipad, bs) ? :
- crypto_shash_export(&desc.shash, ipad) ? :
- crypto_shash_init(&desc.shash) ? :
- crypto_shash_update(&desc.shash, opad, bs) ? :
- crypto_shash_export(&desc.shash, opad);
+ rc = crypto_shash_init(shash) ? :
+ crypto_shash_update(shash, ipad, bs) ? :
+ crypto_shash_export(shash, ipad) ? :
+ crypto_shash_init(shash) ? :
+ crypto_shash_update(shash, opad, bs) ? :
+ crypto_shash_export(shash, opad);
if (rc == 0)
mv_hash_init_ivs(ctx, ipad, opad);
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:42
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
---
drivers/crypto/n2_core.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 7263c10..f8e3207 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -445,10 +445,7 @@ static int n2_hmac_async_setkey(struct crypto_ahash *tfm, const u8 *key,
struct n2_hmac_ctx *ctx = crypto_ahash_ctx(tfm);
struct crypto_shash *child_shash = ctx->child_shash;
struct crypto_ahash *fallback_tfm;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(child_shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, child_shash);
int err, bs, ds;
fallback_tfm = ctx->base.fallback_tfm;
@@ -456,15 +453,15 @@ static int n2_hmac_async_setkey(struct crypto_ahash *tfm, const u8 *key,
if (err)
return err;
- desc.shash.tfm = child_shash;
- desc.shash.flags = crypto_ahash_get_flags(tfm) &
+ shash->tfm = child_shash;
+ shash->flags = crypto_ahash_get_flags(tfm) &
CRYPTO_TFM_REQ_MAY_SLEEP;
bs = crypto_shash_blocksize(child_shash);
ds = crypto_shash_digestsize(child_shash);
BUG_ON(ds > N2_HASH_KEY_MAX);
if (keylen > bs) {
- err = crypto_shash_digest(&desc.shash, key, keylen,
+ err = crypto_shash_digest(shash, key, keylen,
ctx->hash_key);
if (err)
return err;
--
1.9.1
|
|
From: <be...@co...> - 2014-09-15 07:31:35
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
---
drivers/crypto/ccp/ccp-crypto-sha.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
index 873f234..9653157 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -198,10 +198,9 @@ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
{
struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
struct crypto_shash *shash = ctx->u.sha.hmac_tfm;
- struct {
- struct shash_desc sdesc;
- char ctx[crypto_shash_descsize(shash)];
- } desc;
+
+ SHASH_DESC_ON_STACK(sdesc, shash);
+
unsigned int block_size = crypto_shash_blocksize(shash);
unsigned int digest_size = crypto_shash_digestsize(shash);
int i, ret;
@@ -216,11 +215,11 @@ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
if (key_len > block_size) {
/* Must hash the input key */
- desc.sdesc.tfm = shash;
- desc.sdesc.flags = crypto_ahash_get_flags(tfm) &
+ sdesc->tfm = shash;
+ sdesc->flags = crypto_ahash_get_flags(tfm) &
CRYPTO_TFM_REQ_MAY_SLEEP;
- ret = crypto_shash_digest(&desc.sdesc, key, key_len,
+ ret = crypto_shash_digest(sdesc, key, key_len,
ctx->u.sha.key);
if (ret) {
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
--
1.9.1
|
32 messages has been excluded from this view by a project administrator.
