In crypto_aes_expand_key() loop8(i) writes up to ctx->key_enc[8*i+15], at most 63. ctx->key_enc has length (15*16)/4 == 60, so the last 16 bytes of key_enc will overflow into ctx->key_dec. Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx> --- Found with Parfait, http://research.sun.com/projects/parfait/ This concerns crypto/aes_generic.c, function crypto_aes_expand_key(), macro loop8() on line 1249. 1244: ctx->key_enc[4] = le32_to_cpu(key[4]); 1245: ctx->key_enc[5] = le32_to_cpu(key[5]); 1246: ctx->key_enc[6] = le32_to_cpu(key[6]); 1247: t = ctx->key_enc[7] = le32_to_cpu(key[7]); 1248: for (i = 0; i < 7; ++i) 1249: loop8(i); 1250: break; 1251: } 1252: 1253: ctx->key_dec[0] = ctx->key_enc[key_len + 24]; 1254: ctx->key_dec[1] = ctx->key_enc[key_len + 25]; please review. diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 7524ba3..dd8c628 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -14,7 +14,7 @@ #define AES_KEYSIZE_192 24 #define AES_KEYSIZE_256 32 #define AES_BLOCK_SIZE 16 -#define AES_MAX_KEYLENGTH (15 * 16) +#define AES_MAX_KEYLENGTH (16 * 16) #define AES_MAX_KEYLENGTH_U32 (AES_MAX_KEYLENGTH / sizeof(u32)) /* -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
