summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid McCullough <david_mccullough@au.securecomputing.com>2006-03-15 13:08:51 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2006-03-21 12:14:10 +0300
commit55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6 (patch)
treee850e9052d4db68905cb6c444e269ed7c719301e
parent06b42aa94b65806b4f8c5fc893ef97a2f491fb32 (diff)
downloadlinux-55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6.tar.xz
[CRYPTO] aes: Fixed array boundary violation
The AES setkey routine writes 64 bytes to the E_KEY area even though there are only 60 bytes there. It is in fact safe since E_KEY is immediately follwed by D_KEY which is initialised afterwards. However, doing this may trigger undefined behaviour and makes Coverity unhappy. So by combining E_KEY and D_KEY into one array we sidestep this issue altogether. This problem was reported by Adrian Bunk. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--arch/x86_64/crypto/aes.c7
-rw-r--r--crypto/aes.c7
2 files changed, 6 insertions, 8 deletions
diff --git a/arch/x86_64/crypto/aes.c b/arch/x86_64/crypto/aes.c
index fb1b961a2e2f..6f77e7700d32 100644
--- a/arch/x86_64/crypto/aes.c
+++ b/arch/x86_64/crypto/aes.c
@@ -77,12 +77,11 @@ static inline u8 byte(const u32 x, const unsigned n)
struct aes_ctx
{
u32 key_length;
- u32 E[60];
- u32 D[60];
+ u32 buf[120];
};
-#define E_KEY ctx->E
-#define D_KEY ctx->D
+#define E_KEY (&ctx->buf[0])
+#define D_KEY (&ctx->buf[60])
static u8 pow_tab[256] __initdata;
static u8 log_tab[256] __initdata;
diff --git a/crypto/aes.c b/crypto/aes.c
index 0a6a5c143686..a5017292e066 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -75,12 +75,11 @@ byte(const u32 x, const unsigned n)
struct aes_ctx {
int key_length;
- u32 E[60];
- u32 D[60];
+ u32 buf[120];
};
-#define E_KEY ctx->E
-#define D_KEY ctx->D
+#define E_KEY (&ctx->buf[0])
+#define D_KEY (&ctx->buf[60])
static u8 pow_tab[256] __initdata;
static u8 log_tab[256] __initdata;