[CRYPTO] aes: Fixed array boundary violation
The AES setkey routine writes 64 bytes to the E_KEY area even though there are only 60 bytes there. It is in fact safe since E_KEY is immediately follwed by D_KEY which is initialised afterwards. However, doing this may trigger undefined behaviour and makes Coverity unhappy. So by combining E_KEY and D_KEY into one array we sidestep this issue altogether. This problem was reported by Adrian Bunk. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
06b42aa94b
commit
55e9dce37d
|
@ -77,12 +77,11 @@ static inline u8 byte(const u32 x, const unsigned n)
|
|||
struct aes_ctx
|
||||
{
|
||||
u32 key_length;
|
||||
u32 E[60];
|
||||
u32 D[60];
|
||||
u32 buf[120];
|
||||
};
|
||||
|
||||
#define E_KEY ctx->E
|
||||
#define D_KEY ctx->D
|
||||
#define E_KEY (&ctx->buf[0])
|
||||
#define D_KEY (&ctx->buf[60])
|
||||
|
||||
static u8 pow_tab[256] __initdata;
|
||||
static u8 log_tab[256] __initdata;
|
||||
|
|
|
@ -75,12 +75,11 @@ byte(const u32 x, const unsigned n)
|
|||
|
||||
struct aes_ctx {
|
||||
int key_length;
|
||||
u32 E[60];
|
||||
u32 D[60];
|
||||
u32 buf[120];
|
||||
};
|
||||
|
||||
#define E_KEY ctx->E
|
||||
#define D_KEY ctx->D
|
||||
#define E_KEY (&ctx->buf[0])
|
||||
#define D_KEY (&ctx->buf[60])
|
||||
|
||||
static u8 pow_tab[256] __initdata;
|
||||
static u8 log_tab[256] __initdata;
|
||||
|
|
Loading…
Reference in New Issue