crypto: cbc - Remove VLA usage

In the quest to remove all stack VLA usage from the kernel[1], this
uses the upper bounds on blocksize. Since this is always a cipher
blocksize, use the existing cipher max blocksize.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc..3bf28be 100644 (file)
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,7 @@ static inline int crypto_cbc_decrypt_inplace(
        unsigned int bsize = crypto_skcipher_blocksize(tfm);
        unsigned int nbytes = walk->nbytes;
        u8 *src = walk->src.virt.addr;
-       u8 last_iv[bsize];
+       u8 last_iv[MAX_CIPHER_BLOCKSIZE];
 
        /* Start of the last block. */
        src += nbytes - (nbytes & (bsize - 1)) - bsize;