summaryrefslogtreecommitdiff
path: root/net/bluetooth/ecdh_helper.c
diff options
context:
space:
mode:
authorSalvatore Benedetto <salvatore.benedetto@intel.com>2017-04-25 16:59:47 +0100
committerMarcel Holtmann <marcel@holtmann.org>2017-04-30 12:22:05 +0200
commit763d9a302ab18da0a0078c9788ed6566d0c974e3 (patch)
treeccc0213c60b3d08a9292493b27f6ad4a5cb25c1a /net/bluetooth/ecdh_helper.c
parent58771c1cb0023fdd744e76d6cad7716dc4f579ee (diff)
downloadlwn-763d9a302ab18da0a0078c9788ed6566d0c974e3.tar.gz
lwn-763d9a302ab18da0a0078c9788ed6566d0c974e3.zip
Bluetooth: allocate data for kpp on heap
Bluetooth would crash when computing ECDH keys with kpp if VMAP_STACK is enabled. Fix by allocating data passed to kpp on heap. Fixes: 58771c1c ("Bluetooth: convert smp and selftest to crypto kpp API") Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth/ecdh_helper.c')
-rw-r--r--net/bluetooth/ecdh_helper.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c
index b6d9aa155485..579684bfc322 100644
--- a/net/bluetooth/ecdh_helper.c
+++ b/net/bluetooth/ecdh_helper.c
@@ -59,16 +59,19 @@ bool compute_ecdh_secret(const u8 public_key[64], const u8 private_key[32],
struct ecdh p;
struct ecdh_completion result;
struct scatterlist src, dst;
- u8 tmp[64];
- u8 *buf;
+ u8 *tmp, *buf;
unsigned int buf_len;
int err = -ENOMEM;
+ tmp = kmalloc(64, GFP_KERNEL);
+ if (!tmp)
+ return false;
+
tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
if (IS_ERR(tfm)) {
pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n",
PTR_ERR(tfm));
- return false;
+ goto free_tmp;
}
req = kpp_request_alloc(tfm, GFP_KERNEL);
@@ -128,6 +131,8 @@ free_req:
kpp_request_free(req);
free_kpp:
crypto_free_kpp(tfm);
+free_tmp:
+ kfree(tmp);
return (err == 0);
}
@@ -138,18 +143,21 @@ bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32])
struct ecdh p;
struct ecdh_completion result;
struct scatterlist dst;
- u8 tmp[64];
- u8 *buf;
+ u8 *tmp, *buf;
unsigned int buf_len;
int err = -ENOMEM;
const unsigned short max_tries = 16;
unsigned short tries = 0;
+ tmp = kmalloc(64, GFP_KERNEL);
+ if (!tmp)
+ return false;
+
tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
if (IS_ERR(tfm)) {
pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n",
PTR_ERR(tfm));
- return false;
+ goto free_tmp;
}
req = kpp_request_alloc(tfm, GFP_KERNEL);
@@ -219,5 +227,7 @@ free_req:
kpp_request_free(req);
free_kpp:
crypto_free_kpp(tfm);
+free_tmp:
+ kfree(tmp);
return (err == 0);
}