Add the __counted_by compiler attribute to the flexible array member
salt to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Use struct_size_t() instead of manually calculating the struct's size.
Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxxx>
---
crypto/chacha20poly1305.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 9e4651330852..b37f59a8280a 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -27,7 +27,7 @@ struct chachapoly_ctx {
struct crypto_ahash *poly;
/* key bytes we use for the ChaCha20 IV */
unsigned int saltlen;
- u8 salt[];
+ u8 salt[] __counted_by(saltlen);
};
struct poly_req {
@@ -611,8 +611,8 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
poly->base.cra_priority) / 2;
inst->alg.base.cra_blocksize = 1;
inst->alg.base.cra_alignmask = chacha->base.cra_alignmask;
- inst->alg.base.cra_ctxsize = sizeof(struct chachapoly_ctx) +
- ctx->saltlen;
+ inst->alg.base.cra_ctxsize = struct_size_t(struct chachapoly_ctx, salt,
+ ctx->saltlen);
inst->alg.ivsize = ivsize;
inst->alg.chunksize = chacha->chunksize;
inst->alg.maxauthsize = POLY1305_DIGEST_SIZE;
--
2.45.2
