[bug report] crypto: chtls - Program the TLS session Key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Atul Gupta,

The patch d25f2f71f653: "crypto: chtls - Program the TLS session Key"
from Mar 31, 2018, leads to the following static checker warning:

	drivers/crypto/chelsio/chtls/chtls_hw.c:239 chtls_key_info()
	error: '__memcpy()' 'key' too small (2 vs 32)

drivers/crypto/chelsio/chtls/chtls_hw.c
   212  static int chtls_key_info(struct chtls_sock *csk,
   213                            struct _key_ctx *kctx,
   214                            u32 keylen, u32 optname)
   215  {
   216          unsigned char key[CHCR_KEYCTX_CIPHER_KEY_SIZE_256];
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is 2 bytes long.  It was probably supposed to be
AES_KEYSIZE_256 (32 bytes).

   217          struct tls12_crypto_info_aes_gcm_128 *gcm_ctx;
   218          unsigned char ghash_h[AEAD_H_SIZE];
   219          struct crypto_cipher *cipher;
   220          int ck_size, key_ctx_size;
   221          int ret;
   222  
   223          gcm_ctx = (struct tls12_crypto_info_aes_gcm_128 *)
   224                    &csk->tlshws.crypto_info;
   225  
   226          key_ctx_size = sizeof(struct _key_ctx) +
   227                         roundup(keylen, 16) + AEAD_H_SIZE;
   228  
   229          if (keylen == AES_KEYSIZE_128) {
   230                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
   231          } else if (keylen == AES_KEYSIZE_192) {
   232                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_192;
   233          } else if (keylen == AES_KEYSIZE_256) {
                           ^^^^^^^^^^^^^^^^^^^^^^^^^
keylen is 32.

   234                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
   235          } else {
   236                  pr_err("GCM: Invalid key length %d\n", keylen);
   237                  return -EINVAL;
   238          }
   239          memcpy(key, gcm_ctx->key, keylen);
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
Memory corruption.  Smatch also complains that gcm_ctx->key is 16 bytes
instead of 32.

    drivers/crypto/chelsio/chtls/chtls_hw.c:239 chtls_key_info()
    error: '__memcpy()' 'gcm_ctx->key' too small (16 vs 32)

   240  

See also:

drivers/crypto/chelsio/chtls/chtls_hw.c:250 chtls_key_info() error: 'crypto_cipher_setkey()' 'key' too small (2 vs 32)
drivers/crypto/chelsio/chtls/chtls_hw.c:274 chtls_key_info() error: '__memcpy()' 'gcm_ctx->key' too small (16 vs 32)
drivers/crypto/chelsio/chtls/chtls_hw.c:277 chtls_key_info() error: '__memset()' 'gcm_ctx->key' too small (16 vs 32)

regards,
dan carpenter



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux