| From foo@baz Wed Sep 26 11:28:02 CEST 2018 |
| From: Sabrina Dubroca <sd@queasysnail.net> |
| Date: Wed, 12 Sep 2018 17:44:41 +0200 |
| Subject: tls: don't copy the key out of tls12_crypto_info_aes_gcm_128 |
| |
| From: Sabrina Dubroca <sd@queasysnail.net> |
| |
| [ Upstream commit 7cba09c6d5bc73ebbd25a353742d9ddb7a713b95 ] |
| |
| There's no need to copy the key to an on-stack buffer before calling |
| crypto_aead_setkey(). |
| |
| Fixes: 3c4d7559159b ("tls: kernel TLS support") |
| Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/tls/tls_sw.c | 5 +---- |
| 1 file changed, 1 insertion(+), 4 deletions(-) |
| |
| --- a/net/tls/tls_sw.c |
| +++ b/net/tls/tls_sw.c |
| @@ -661,7 +661,6 @@ static void tls_sw_free_resources(struct |
| |
| int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) |
| { |
| - char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE]; |
| struct tls_crypto_info *crypto_info; |
| struct tls12_crypto_info_aes_gcm_128 *gcm_128_info; |
| struct tls_sw_context *sw_ctx; |
| @@ -753,9 +752,7 @@ int tls_set_sw_offload(struct sock *sk, |
| |
| ctx->push_pending_record = tls_sw_push_pending_record; |
| |
| - memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE); |
| - |
| - rc = crypto_aead_setkey(sw_ctx->aead_send, keyval, |
| + rc = crypto_aead_setkey(sw_ctx->aead_send, gcm_128_info->key, |
| TLS_CIPHER_AES_GCM_128_KEY_SIZE); |
| if (rc) |
| goto free_aead; |