rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto

	int (*verify_packet)(struct rxrpc_call *, struct sk_buff *,

			     unsigned int, unsigned int, rxrpc_seq_t, u16);

	/* Free crypto request on a call */

	void (*free_call_crypto)(struct rxrpc_call *);

	/* Locate the data in a received packet that has been verified. */

	void (*locate_data)(struct rxrpc_call *, struct sk_buff *,

			    unsigned int *, unsigned int *);

	unsigned long		expect_term_by;	/* When we expect call termination by */

	u32			next_rx_timo;	/* Timeout for next Rx packet (jif) */

	u32			next_req_timo;	/* Timeout for next Rx request packet (jif) */

	struct skcipher_request	*cipher_req;	/* Packet cipher request buffer */

	struct timer_list	timer;		/* Combined event timer */

	struct work_struct	processor;	/* Event processor */

	rxrpc_notify_rx_t	notify_rx;	/* kernel service Rx notification function */

	_debug("RELEASE CALL %p (%d CONN %p)", call, call->debug_id, conn);

	if (conn)

	if (conn) {

		rxrpc_disconnect_call(call);

		conn->security->free_call_crypto(call);

	}

	for (i = 0; i < RXRPC_RXTX_BUFF_SIZE; i++) {

		rxrpc_free_skb(call->rxtx_buffer[i],

	return 0;

}

static void none_free_call_crypto(struct rxrpc_call *call)

{

}

static void none_locate_data(struct rxrpc_call *call, struct sk_buff *skb,

			     unsigned int *_offset, unsigned int *_len)

{

	.exit				= none_exit,

	.init_connection_security	= none_init_connection_security,

	.prime_packet_security		= none_prime_packet_security,

	.free_call_crypto		= none_free_call_crypto,

	.secure_packet			= none_secure_packet,

	.verify_packet			= none_verify_packet,

	.locate_data			= none_locate_data,

 * packets

 */

static struct crypto_sync_skcipher *rxkad_ci;

static struct skcipher_request *rxkad_ci_req;

static DEFINE_MUTEX(rxkad_ci_mutex);

/*

 */

static int rxkad_prime_packet_security(struct rxrpc_connection *conn)

{

	struct skcipher_request *req;

	struct rxrpc_key_token *token;

	SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);

	struct scatterlist sg;

	struct rxrpc_crypt iv;

	__be32 *tmpbuf;

	if (!tmpbuf)

		return -ENOMEM;

	req = skcipher_request_alloc(&conn->cipher->base, GFP_NOFS);

	if (!req) {

		kfree(tmpbuf);

		return -ENOMEM;

	}

	token = conn->params.key->payload.data[0];

	memcpy(&iv, token->kad->session_key, sizeof(iv));

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);

	crypto_skcipher_encrypt(req);

	skcipher_request_zero(req);

	skcipher_request_free(req);

	memcpy(&conn->csum_iv, tmpbuf + 2, sizeof(conn->csum_iv));

	kfree(tmpbuf);

	return 0;

}

/*

 * Allocate and prepare the crypto request on a call.  For any particular call,

 * this is called serially for the packets, so no lock should be necessary.

 */

static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call)

{

	struct crypto_skcipher *tfm = &call->conn->cipher->base;

	struct skcipher_request	*cipher_req = call->cipher_req;

	if (!cipher_req) {

		cipher_req = skcipher_request_alloc(tfm, GFP_NOFS);

		if (!cipher_req)

			return NULL;

		call->cipher_req = cipher_req;

	}

	return cipher_req;

}

/*

 * Clean up the crypto on a call.

 */

static void rxkad_free_call_crypto(struct rxrpc_call *call)

{

	if (call->cipher_req)

		skcipher_request_free(call->cipher_req);

	call->cipher_req = NULL;

}

/*

 * partially encrypt a packet (level 1 security)

 */

			       void *sechdr)

{

	struct rxrpc_skb_priv *sp;

	SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);

	struct skcipher_request	*req;

	struct rxrpc_crypt iv;

	struct scatterlist sg;

	u32 x, y;

	if (ret < 0)

		return ret;

	req = rxkad_get_call_crypto(call);

	if (!req)

		return -ENOMEM;

	/* continue encrypting from where we left off */

	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));

			       unsigned int offset, unsigned int len,

			       rxrpc_seq_t seq, u16 expected_cksum)

{

	SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);

	struct skcipher_request	*req;

	struct rxrpc_crypt iv;

	struct scatterlist sg;

	bool aborted;

	if (!call->conn->cipher)

		return 0;

	req = rxkad_get_call_crypto(call);

	if (!req)

		return -ENOMEM;

	/* continue encrypting from where we left off */

	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));

/*

 * encrypt the response packet

 */

static void rxkad_encrypt_response(struct rxrpc_connection *conn,

static int rxkad_encrypt_response(struct rxrpc_connection *conn,

				  struct rxkad_response *resp,

				  const struct rxkad_key *s2)

{

	SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);

	struct skcipher_request *req;

	struct rxrpc_crypt iv;

	struct scatterlist sg[1];

	req = skcipher_request_alloc(&conn->cipher->base, GFP_NOFS);

	if (!req)

		return -ENOMEM;

	/* continue encrypting from where we left off */

	memcpy(&iv, s2->session_key, sizeof(iv));

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);

	crypto_skcipher_encrypt(req);

	skcipher_request_zero(req);

	skcipher_request_free(req);

	return 0;

}

/*

	/* calculate the response checksum and then do the encryption */

	rxkad_calc_response_checksum(resp);

	rxkad_encrypt_response(conn, resp, token->kad);

	ret = rxkad_encrypt_response(conn, resp, token->kad);

	if (ret == 0)

		ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad);

	kfree(resp);

	return ret;

				   struct rxkad_response *resp,

				   const struct rxrpc_crypt *session_key)

{

	SYNC_SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);

	struct skcipher_request *req = rxkad_ci_req;

	struct scatterlist sg[1];

	struct rxrpc_crypt iv;

	_enter(",,%08x%08x",

	       ntohl(session_key->n[0]), ntohl(session_key->n[1]));

	ASSERT(rxkad_ci != NULL);

	mutex_lock(&rxkad_ci_mutex);

	if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,

					sizeof(*session_key)) < 0)

 */

static int rxkad_init(void)

{

	struct crypto_sync_skcipher *tfm;

	struct skcipher_request *req;

	/* pin the cipher we need so that the crypto layer doesn't invoke

	 * keventd to go get it */

	rxkad_ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);

	return PTR_ERR_OR_ZERO(rxkad_ci);

	tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);

	if (IS_ERR(tfm))

		return PTR_ERR(tfm);

	req = skcipher_request_alloc(&tfm->base, GFP_KERNEL);

	if (!req)

		goto nomem_tfm;

	rxkad_ci_req = req;

	rxkad_ci = tfm;

	return 0;

nomem_tfm:

	crypto_free_sync_skcipher(tfm);

	return -ENOMEM;

}

/*

 */

static void rxkad_exit(void)

{

	if (rxkad_ci)

	crypto_free_sync_skcipher(rxkad_ci);

	skcipher_request_free(rxkad_ci_req);

}

/*

	.prime_packet_security		= rxkad_prime_packet_security,

	.secure_packet			= rxkad_secure_packet,

	.verify_packet			= rxkad_verify_packet,

	.free_call_crypto		= rxkad_free_call_crypto,

	.locate_data			= rxkad_locate_data,

	.issue_challenge		= rxkad_issue_challenge,

	.respond_to_challenge		= rxkad_respond_to_challenge,