Hello Taehee Yoo,
The patch e4e712bbbd6d: "crypto: aria - Implement ARIA symmetric
cipher algorithm" from Jul 4, 2022, leads to the following Smatch
static checker warning:
crypto/aria.c:69 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 4
crypto/aria.c:70 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 5
crypto/aria.c:71 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 6
crypto/aria.c:72 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 7
crypto/aria.c:86 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 8
crypto/aria.c:87 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 9
crypto/aria.c:88 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 10
crypto/aria.c:89 aria_set_encrypt_key() error: buffer overflow 'ck' 4 <= 11
crypto/aria.c
19 static void aria_set_encrypt_key(struct aria_ctx *ctx, const u8 *in_key,
20 unsigned int key_len)
21 {
22 const __be32 *key = (const __be32 *)in_key;
23 u32 w0[4], w1[4], w2[4], w3[4];
24 u32 reg0, reg1, reg2, reg3;
25 const u32 *ck;
26 int rkidx = 0;
27
28 ck = &key_rc[(key_len - 16) / 8][0];
key_rc is declared like this:
static const u32 key_rc[5][4] = {
29
30 w0[0] = be32_to_cpu(key[0]);
31 w0[1] = be32_to_cpu(key[1]);
32 w0[2] = be32_to_cpu(key[2]);
33 w0[3] = be32_to_cpu(key[3]);
34
35 reg0 = w0[0] ^ ck[0];
36 reg1 = w0[1] ^ ck[1];
37 reg2 = w0[2] ^ ck[2];
38 reg3 = w0[3] ^ ck[3];
39
40 aria_subst_diff_odd(®0, ®1, ®2, ®3);
41
42 if (key_len > 16) {
43 w1[0] = be32_to_cpu(key[4]);
44 w1[1] = be32_to_cpu(key[5]);
45 if (key_len > 24) {
46 w1[2] = be32_to_cpu(key[6]);
47 w1[3] = be32_to_cpu(key[7]);
48 } else {
49 w1[2] = 0;
50 w1[3] = 0;
51 }
52 } else {
53 w1[0] = 0;
54 w1[1] = 0;
55 w1[2] = 0;
56 w1[3] = 0;
57 }
58
59 w1[0] ^= reg0;
60 w1[1] ^= reg1;
61 w1[2] ^= reg2;
62 w1[3] ^= reg3;
63
64 reg0 = w1[0];
65 reg1 = w1[1];
66 reg2 = w1[2];
67 reg3 = w1[3];
68
--> 69 reg0 ^= ck[4];
So 4 and above is out of bounds.
70 reg1 ^= ck[5];
71 reg2 ^= ck[6];
72 reg3 ^= ck[7];
73
74 aria_subst_diff_even(®0, ®1, ®2, ®3);
75
76 reg0 ^= w0[0];
77 reg1 ^= w0[1];
78 reg2 ^= w0[2];
79 reg3 ^= w0[3];
80
81 w2[0] = reg0;
82 w2[1] = reg1;
83 w2[2] = reg2;
84 w2[3] = reg3;
85
86 reg0 ^= ck[8];
87 reg1 ^= ck[9];
88 reg2 ^= ck[10];
89 reg3 ^= ck[11];
90
91 aria_subst_diff_odd(®0, ®1, ®2, ®3);
92
93 w3[0] = reg0 ^ w1[0];
94 w3[1] = reg1 ^ w1[1];
95 w3[2] = reg2 ^ w1[2];
96 w3[3] = reg3 ^ w1[3];
97
98 aria_gsrk(ctx->enc_key[rkidx], w0, w1, 19);
99 rkidx++;
100 aria_gsrk(ctx->enc_key[rkidx], w1, w2, 19);
101 rkidx++;
102 aria_gsrk(ctx->enc_key[rkidx], w2, w3, 19);
103 rkidx++;
104 aria_gsrk(ctx->enc_key[rkidx], w3, w0, 19);
105
106 rkidx++;
107 aria_gsrk(ctx->enc_key[rkidx], w0, w1, 31);
108 rkidx++;
109 aria_gsrk(ctx->enc_key[rkidx], w1, w2, 31);
110 rkidx++;
111 aria_gsrk(ctx->enc_key[rkidx], w2, w3, 31);
112 rkidx++;
113 aria_gsrk(ctx->enc_key[rkidx], w3, w0, 31);
114
115 rkidx++;
116 aria_gsrk(ctx->enc_key[rkidx], w0, w1, 67);
117 rkidx++;
118 aria_gsrk(ctx->enc_key[rkidx], w1, w2, 67);
119 rkidx++;
120 aria_gsrk(ctx->enc_key[rkidx], w2, w3, 67);
121 rkidx++;
122 aria_gsrk(ctx->enc_key[rkidx], w3, w0, 67);
123
124 rkidx++;
125 aria_gsrk(ctx->enc_key[rkidx], w0, w1, 97);
126 if (key_len > 16) {
127 rkidx++;
128 aria_gsrk(ctx->enc_key[rkidx], w1, w2, 97);
129 rkidx++;
130 aria_gsrk(ctx->enc_key[rkidx], w2, w3, 97);
131
132 if (key_len > 24) {
133 rkidx++;
134 aria_gsrk(ctx->enc_key[rkidx], w3, w0, 97);
135
136 rkidx++;
137 aria_gsrk(ctx->enc_key[rkidx], w0, w1, 109);
138 }
139 }
140 }
regards,
dan carpenter
