diff options
| author | Mathias Krause <mathias.krause@secunet.com> | 2013-10-15 07:49:32 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2013-10-16 08:56:26 -0400 |
| commit | 56902781cd037f4d6380cb037b5f50076bb82549 (patch) | |
| tree | 644505a855424b0fa61dae07a5675e765ee88283 /drivers/crypto/ixp4xx_crypto.c | |
| parent | fddc2c43c48d62f70553785d1220505f33aebe0e (diff) | |
crypto: ixp4xx - Simplify and harden key parsing
Use the common helper function crypto_authenc_extractkeys() for key
parsing. Also ensure the keys do fit into the corresponding buffers.
Otherwise memory corruption might occur.
Cc: Christian Hohnstaedt <chohnstaedt@innominate.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Mathias Krause <mathias.krause@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/ixp4xx_crypto.c')
| -rw-r--r-- | drivers/crypto/ixp4xx_crypto.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c index 21180d6cad6e..153f73c12d3e 100644 --- a/drivers/crypto/ixp4xx_crypto.c +++ b/drivers/crypto/ixp4xx_crypto.c | |||
| @@ -1159,32 +1159,24 @@ static int aead_setkey(struct crypto_aead *tfm, const u8 *key, | |||
| 1159 | unsigned int keylen) | 1159 | unsigned int keylen) |
| 1160 | { | 1160 | { |
| 1161 | struct ixp_ctx *ctx = crypto_aead_ctx(tfm); | 1161 | struct ixp_ctx *ctx = crypto_aead_ctx(tfm); |
| 1162 | struct rtattr *rta = (struct rtattr *)key; | 1162 | struct crypto_authenc_keys keys; |
| 1163 | struct crypto_authenc_key_param *param; | ||
| 1164 | 1163 | ||
| 1165 | if (!RTA_OK(rta, keylen)) | 1164 | if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) |
| 1166 | goto badkey; | ||
| 1167 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | ||
| 1168 | goto badkey; | ||
| 1169 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | ||
| 1170 | goto badkey; | 1165 | goto badkey; |
| 1171 | 1166 | ||
| 1172 | param = RTA_DATA(rta); | 1167 | if (keys.authkeylen > sizeof(ctx->authkey)) |
| 1173 | ctx->enckey_len = be32_to_cpu(param->enckeylen); | 1168 | goto badkey; |
| 1174 | |||
| 1175 | key += RTA_ALIGN(rta->rta_len); | ||
| 1176 | keylen -= RTA_ALIGN(rta->rta_len); | ||
| 1177 | 1169 | ||
| 1178 | if (keylen < ctx->enckey_len) | 1170 | if (keys.enckeylen > sizeof(ctx->enckey)) |
| 1179 | goto badkey; | 1171 | goto badkey; |
| 1180 | 1172 | ||
| 1181 | ctx->authkey_len = keylen - ctx->enckey_len; | 1173 | memcpy(ctx->authkey, keys.authkey, keys.authkeylen); |
| 1182 | memcpy(ctx->enckey, key + ctx->authkey_len, ctx->enckey_len); | 1174 | memcpy(ctx->enckey, keys.enckey, keys.enckeylen); |
| 1183 | memcpy(ctx->authkey, key, ctx->authkey_len); | 1175 | ctx->authkey_len = keys.authkeylen; |
| 1176 | ctx->enckey_len = keys.enckeylen; | ||
| 1184 | 1177 | ||
| 1185 | return aead_setup(tfm, crypto_aead_authsize(tfm)); | 1178 | return aead_setup(tfm, crypto_aead_authsize(tfm)); |
| 1186 | badkey: | 1179 | badkey: |
| 1187 | ctx->enckey_len = 0; | ||
| 1188 | crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); | 1180 | crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); |
| 1189 | return -EINVAL; | 1181 | return -EINVAL; |
| 1190 | } | 1182 | } |