mirror of
https://github.com/adulau/aha.git
synced 2024-12-27 03:06:10 +00:00
crypto: aes - Undefined behaviour in crypto_aes_expand_key
It's undefined behaviour in C to write outside the bounds of an array. The key expansion routine takes a shortcut of creating 8 words at a time, but this creates 4 additional words which don't fit in the array. As everyone is hopefully now aware, GCC is at liberty to make any assumptions and optimisations it likes in situations where it can detect that UB has occured, up to and including nasal demons, and as the indices being accessed in the array are trivially calculable, it's rash to invite gcc to do take any liberties at all. Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
0044f3eda9
commit
7b4ffcf953
1 changed files with 7 additions and 2 deletions
|
@ -1174,7 +1174,7 @@ EXPORT_SYMBOL_GPL(crypto_il_tab);
|
|||
ctx->key_enc[6 * i + 11] = t; \
|
||||
} while (0)
|
||||
|
||||
#define loop8(i) do { \
|
||||
#define loop8tophalf(i) do { \
|
||||
t = ror32(t, 8); \
|
||||
t = ls_box(t) ^ rco_tab[i]; \
|
||||
t ^= ctx->key_enc[8 * i]; \
|
||||
|
@ -1185,6 +1185,10 @@ EXPORT_SYMBOL_GPL(crypto_il_tab);
|
|||
ctx->key_enc[8 * i + 10] = t; \
|
||||
t ^= ctx->key_enc[8 * i + 3]; \
|
||||
ctx->key_enc[8 * i + 11] = t; \
|
||||
} while (0)
|
||||
|
||||
#define loop8(i) do { \
|
||||
loop8tophalf(i); \
|
||||
t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
|
||||
ctx->key_enc[8 * i + 12] = t; \
|
||||
t ^= ctx->key_enc[8 * i + 5]; \
|
||||
|
@ -1245,8 +1249,9 @@ int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
|
|||
ctx->key_enc[5] = le32_to_cpu(key[5]);
|
||||
ctx->key_enc[6] = le32_to_cpu(key[6]);
|
||||
t = ctx->key_enc[7] = le32_to_cpu(key[7]);
|
||||
for (i = 0; i < 7; ++i)
|
||||
for (i = 0; i < 6; ++i)
|
||||
loop8(i);
|
||||
loop8tophalf(i);
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue