diff options
| author | David McCullough <david_mccullough@au.securecomputing.com> | 2006-03-15 05:08:51 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2006-03-21 04:14:10 -0500 |
| commit | 55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6 (patch) | |
| tree | e850e9052d4db68905cb6c444e269ed7c719301e /arch | |
| parent | 06b42aa94b65806b4f8c5fc893ef97a2f491fb32 (diff) | |
[CRYPTO] aes: Fixed array boundary violation
The AES setkey routine writes 64 bytes to the E_KEY area even though
there are only 60 bytes there. It is in fact safe since E_KEY is
immediately follwed by D_KEY which is initialised afterwards. However,
doing this may trigger undefined behaviour and makes Coverity unhappy.
So by combining E_KEY and D_KEY into one array we sidestep this issue
altogether.
This problem was reported by Adrian Bunk.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86_64/crypto/aes.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/arch/x86_64/crypto/aes.c b/arch/x86_64/crypto/aes.c index fb1b961a2e2f..6f77e7700d32 100644 --- a/arch/x86_64/crypto/aes.c +++ b/arch/x86_64/crypto/aes.c | |||
| @@ -77,12 +77,11 @@ static inline u8 byte(const u32 x, const unsigned n) | |||
| 77 | struct aes_ctx | 77 | struct aes_ctx |
| 78 | { | 78 | { |
| 79 | u32 key_length; | 79 | u32 key_length; |
| 80 | u32 E[60]; | 80 | u32 buf[120]; |
| 81 | u32 D[60]; | ||
| 82 | }; | 81 | }; |
| 83 | 82 | ||
| 84 | #define E_KEY ctx->E | 83 | #define E_KEY (&ctx->buf[0]) |
| 85 | #define D_KEY ctx->D | 84 | #define D_KEY (&ctx->buf[60]) |
| 86 | 85 | ||
| 87 | static u8 pow_tab[256] __initdata; | 86 | static u8 pow_tab[256] __initdata; |
| 88 | static u8 log_tab[256] __initdata; | 87 | static u8 log_tab[256] __initdata; |