Re: [PATCH v4 11/12] security, crypto: LLVMLinux: Remove VLAIS from ima_crypto.c
On 23/09/14 07:42, beh...@converseincode.com wrote:
> From: Behan Webster
>
> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
> compliant equivalent. This patch allocates the appropriate amount of memory
> using a char array using the SHASH_DESC_ON_STACK macro.
>
> The new code can be compiled with both gcc and clang.
>
> Signed-off-by: Behan Webster
> Reviewed-by: Mark Charlebois
> Reviewed-by: Jan-Simon Möller
> Acked-by: Herbert Xu
> Cc: t...@linutronix.de
Looks good. Thanks.
Acked-by: Dmitry Kasatkin
> ---
> security/integrity/ima/ima_crypto.c | 47
> +++--
> 1 file changed, 19 insertions(+), 28 deletions(-)
>
> diff --git a/security/integrity/ima/ima_crypto.c
> b/security/integrity/ima/ima_crypto.c
> index 0bd7328..e35f5d9 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
> loff_t i_size, offset = 0;
> char *rbuf;
> int rc, read = 0;
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> hash->length = crypto_shash_digestsize(tfm);
>
> - rc = crypto_shash_init();
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
> break;
> offset += rbuf_len;
>
> - rc = crypto_shash_update(, rbuf, rbuf_len);
> + rc = crypto_shash_update(shash, rbuf, rbuf_len);
> if (rc)
> break;
> }
> @@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
> kfree(rbuf);
> out:
> if (!rc)
> - rc = crypto_shash_final(, hash->digest);
> + rc = crypto_shash_final(shash, hash->digest);
> return rc;
> }
>
> @@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct
> ima_field_data *field_data,
>struct ima_digest_data *hash,
>struct crypto_shash *tfm)
> {
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
> int rc, i;
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> hash->length = crypto_shash_digestsize(tfm);
>
> - rc = crypto_shash_init();
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct
> ima_field_data *field_data,
> u32 datalen = field_data[i].len;
>
> if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
> - rc = crypto_shash_update(,
> + rc = crypto_shash_update(shash,
> (const u8 *) _data[i].len,
> sizeof(field_data[i].len));
> if (rc)
> @@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct
> ima_field_data *field_data,
> data_to_hash = buffer;
> datalen = IMA_EVENT_NAME_LEN_MAX + 1;
> }
> - rc = crypto_shash_update(, data_to_hash, datalen);
> + rc = crypto_shash_update(shash, data_to_hash, datalen);
> if (rc)
> break;
> }
>
> if (!rc)
> - rc = crypto_shash_final(, hash->digest);
> + rc = crypto_shash_final(shash, hash->digest);
>
> return rc;
> }
> @@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char
> *digest,
> {
> u8 pcr_i[TPM_DIGEST_SIZE];
> int rc, i;
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> - rc = crypto_shash_init();
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char
> *digest,
> for (i = TPM_PCR0; i < TPM_PCR8; i++) {
> ima_pcrread(i, pcr_i);
> /* now accumulate with current aggregate */
> - rc = crypto_shash_update(, pcr_i, TPM_DIGEST_SIZE);
> + rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
> }
> if (!rc)
> - crypto_shash_final(, digest);
> +
Re: [PATCH v4 11/12] security, crypto: LLVMLinux: Remove VLAIS from ima_crypto.c
On 23/09/14 07:42, beh...@converseincode.com wrote:
From: Behan Webster beh...@converseincode.com
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster beh...@converseincode.com
Reviewed-by: Mark Charlebois charl...@gmail.com
Reviewed-by: Jan-Simon Möller dl...@gmx.de
Acked-by: Herbert Xu herb...@gondor.apana.org.au
Cc: t...@linutronix.de
Looks good. Thanks.
Acked-by: Dmitry Kasatkin d.kasat...@samsung.com
---
security/integrity/ima/ima_crypto.c | 47
+++--
1 file changed, 19 insertions(+), 28 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 0bd7328..e35f5d9 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
loff_t i_size, offset = 0;
char *rbuf;
int rc, read = 0;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
hash-length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
break;
offset += rbuf_len;
- rc = crypto_shash_update(desc.shash, rbuf, rbuf_len);
+ rc = crypto_shash_update(shash, rbuf, rbuf_len);
if (rc)
break;
}
@@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
kfree(rbuf);
out:
if (!rc)
- rc = crypto_shash_final(desc.shash, hash-digest);
+ rc = crypto_shash_final(shash, hash-digest);
return rc;
}
@@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
int rc, i;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
hash-length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
u32 datalen = field_data[i].len;
if (strcmp(td-name, IMA_TEMPLATE_IMA_NAME) != 0) {
- rc = crypto_shash_update(desc.shash,
+ rc = crypto_shash_update(shash,
(const u8 *) field_data[i].len,
sizeof(field_data[i].len));
if (rc)
@@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
- rc = crypto_shash_update(desc.shash, data_to_hash, datalen);
+ rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
}
if (!rc)
- rc = crypto_shash_final(desc.shash, hash-digest);
+ rc = crypto_shash_final(shash, hash-digest);
return rc;
}
@@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
for (i = TPM_PCR0; i TPM_PCR8; i++) {
ima_pcrread(i, pcr_i);
/* now accumulate with current aggregate */
- rc = crypto_shash_update(desc.shash, pcr_i, TPM_DIGEST_SIZE);
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
}
[PATCH v4 11/12] security, crypto: LLVMLinux: Remove VLAIS from ima_crypto.c
From: Behan Webster
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster
Reviewed-by: Mark Charlebois
Reviewed-by: Jan-Simon Möller
Acked-by: Herbert Xu
Cc: t...@linutronix.de
---
security/integrity/ima/ima_crypto.c | 47 +++--
1 file changed, 19 insertions(+), 28 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 0bd7328..e35f5d9 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
loff_t i_size, offset = 0;
char *rbuf;
int rc, read = 0;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init();
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
break;
offset += rbuf_len;
- rc = crypto_shash_update(, rbuf, rbuf_len);
+ rc = crypto_shash_update(shash, rbuf, rbuf_len);
if (rc)
break;
}
@@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
kfree(rbuf);
out:
if (!rc)
- rc = crypto_shash_final(, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
int rc, i;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init();
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
u32 datalen = field_data[i].len;
if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
- rc = crypto_shash_update(,
+ rc = crypto_shash_update(shash,
(const u8 *) _data[i].len,
sizeof(field_data[i].len));
if (rc)
@@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
- rc = crypto_shash_update(, data_to_hash, datalen);
+ rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
}
if (!rc)
- rc = crypto_shash_final(, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
- rc = crypto_shash_init();
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
for (i = TPM_PCR0; i < TPM_PCR8; i++) {
ima_pcrread(i, pcr_i);
/* now accumulate with current aggregate */
- rc = crypto_shash_update(, pcr_i, TPM_DIGEST_SIZE);
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
}
if (!rc)
- crypto_shash_final(, digest);
+ crypto_shash_final(shash, digest);
return rc;
}
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
[PATCH v4 11/12] security, crypto: LLVMLinux: Remove VLAIS from ima_crypto.c
From: Behan Webster beh...@converseincode.com
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster beh...@converseincode.com
Reviewed-by: Mark Charlebois charl...@gmail.com
Reviewed-by: Jan-Simon Möller dl...@gmx.de
Acked-by: Herbert Xu herb...@gondor.apana.org.au
Cc: t...@linutronix.de
---
security/integrity/ima/ima_crypto.c | 47 +++--
1 file changed, 19 insertions(+), 28 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 0bd7328..e35f5d9 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
loff_t i_size, offset = 0;
char *rbuf;
int rc, read = 0;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
hash-length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
break;
offset += rbuf_len;
- rc = crypto_shash_update(desc.shash, rbuf, rbuf_len);
+ rc = crypto_shash_update(shash, rbuf, rbuf_len);
if (rc)
break;
}
@@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
kfree(rbuf);
out:
if (!rc)
- rc = crypto_shash_final(desc.shash, hash-digest);
+ rc = crypto_shash_final(shash, hash-digest);
return rc;
}
@@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
int rc, i;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
hash-length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
u32 datalen = field_data[i].len;
if (strcmp(td-name, IMA_TEMPLATE_IMA_NAME) != 0) {
- rc = crypto_shash_update(desc.shash,
+ rc = crypto_shash_update(shash,
(const u8 *) field_data[i].len,
sizeof(field_data[i].len));
if (rc)
@@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
- rc = crypto_shash_update(desc.shash, data_to_hash, datalen);
+ rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
}
if (!rc)
- rc = crypto_shash_final(desc.shash, hash-digest);
+ rc = crypto_shash_final(shash, hash-digest);
return rc;
}
@@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash-tfm = tfm;
+ shash-flags = 0;
- rc = crypto_shash_init(desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char
*digest,
for (i = TPM_PCR0; i TPM_PCR8; i++) {
ima_pcrread(i, pcr_i);
/* now accumulate with current aggregate */
- rc = crypto_shash_update(desc.shash, pcr_i, TPM_DIGEST_SIZE);
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
}
if (!rc)
- crypto_shash_final(desc.shash, digest);
+
