crypto: arm64/aes-neonbs - Move key expansion off the stack

author Cheng-Yang Chou <yphbchou0911@gmail.com>

Fri, 6 Mar 2026 06:42:54 +0000 (14:42 +0800)

committer Eric Biggers <ebiggers@kernel.org>

Mon, 9 Mar 2026 20:46:11 +0000 (13:46 -0700)
author Cheng-Yang Chou <yphbchou0911@gmail.com>
Fri, 6 Mar 2026 06:42:54 +0000 (14:42 +0800)
committer Eric Biggers <ebiggers@kernel.org>
Mon, 9 Mar 2026 20:46:11 +0000 (13:46 -0700)
diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c

index cb87c8fc66b3b056ff4dde39d974c786253f4713..00530b29101023b56d472c73886ec3d0d86c501e 100644 (file)
--- a/arch/arm64/crypto/aes-neonbs-glue.c
+++ b/arch/arm64/crypto/aes-neonbs-glue.c
@@ -76,19 +76,24 @@ static int aesbs_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
                         unsigned int key_len)
  {
         struct aesbs_ctx *ctx = crypto_skcipher_ctx(tfm);
-       struct crypto_aes_ctx rk;
+       struct crypto_aes_ctx *rk;
         int err;
  
-       err = aes_expandkey(&rk, in_key, key_len);
+       rk = kmalloc(sizeof(*rk), GFP_KERNEL);
+       if (!rk)
+               return -ENOMEM;
+
+       err = aes_expandkey(rk, in_key, key_len);
         if (err)
-               return err;
+               goto out;
  
         ctx->rounds = 6 + key_len / 4;
  
         scoped_ksimd()
-               aesbs_convert_key(ctx->rk, rk.key_enc, ctx->rounds);
-
-       return 0;
+               aesbs_convert_key(ctx->rk, rk->key_enc, ctx->rounds);
+out:
+       kfree_sensitive(rk);
+       return err;
  }
  
  static int __ecb_crypt(struct skcipher_request *req,
@@ -133,22 +138,26 @@ static int aesbs_cbc_ctr_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
                             unsigned int key_len)
  {
         struct aesbs_cbc_ctr_ctx *ctx = crypto_skcipher_ctx(tfm);
-       struct crypto_aes_ctx rk;
+       struct crypto_aes_ctx *rk;
         int err;
  
-       err = aes_expandkey(&rk, in_key, key_len);
+       rk = kmalloc(sizeof(*rk), GFP_KERNEL);
+       if (!rk)
+               return -ENOMEM;
+
+       err = aes_expandkey(rk, in_key, key_len);
         if (err)
-               return err;
+               goto out;
  
         ctx->key.rounds = 6 + key_len / 4;
  
-       memcpy(ctx->enc, rk.key_enc, sizeof(ctx->enc));
+       memcpy(ctx->enc, rk->key_enc, sizeof(ctx->enc));
  
         scoped_ksimd()
-               aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds);
-       memzero_explicit(&rk, sizeof(rk));
-
-       return 0;
+               aesbs_convert_key(ctx->key.rk, rk->key_enc, ctx->key.rounds);
+out:
+       kfree_sensitive(rk);
+       return err;
  }
  
  static int cbc_encrypt(struct skcipher_request *req)
author	Cheng-Yang Chou <yphbchou0911@gmail.com>
	Fri, 6 Mar 2026 06:42:54 +0000 (14:42 +0800)
committer	Eric Biggers <ebiggers@kernel.org>
	Mon, 9 Mar 2026 20:46:11 +0000 (13:46 -0700)