From: Dan Carpenter <dan.carpenter@oracle.com>
To: mhalcrow@us.ibm.com
Cc: ecryptfs@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: re: [PATCH] eCryptfs: Clean up crypto initialization
Date: Mon, 25 Jan 2016 17:23:11 +0300 [thread overview]
Message-ID: <20160125142311.GA15355@mwanda> (raw)
Hello Michael Halcrow,
The patch e5d9cbde6ce0: "[PATCH] eCryptfs: Clean up crypto
initialization" from Oct 30, 2006, leads to the following static
checker warning:
fs/ecryptfs/crypto.c:1625 ecryptfs_process_key_cipher()
error: get_random_bytes() 'dummy_key' too small (64 vs 4294967295)
fs/ecryptfs/crypto.c
1593 static int
1594 ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
1595 char *cipher_name, size_t *key_size)
1596 {
1597 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1598 char *full_alg_name = NULL;
1599 int rc;
1600
1601 *key_tfm = NULL;
1602 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1603 rc = -EINVAL;
1604 printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
1605 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1606 goto out;
1607 }
1608 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1609 "ecb");
1610 if (rc)
1611 goto out;
1612 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1613 if (IS_ERR(*key_tfm)) {
1614 rc = PTR_ERR(*key_tfm);
1615 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1616 "[%s]; rc = [%d]\n", full_alg_name, rc);
1617 goto out;
1618 }
1619 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1620 if (*key_size == 0) {
1621 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm);
1622
1623 *key_size = alg->max_keysize;
My concern here is that arc4 has a max_keysize of ARC4_MAX_KEY_SIZE (256).
1624 }
1625 get_random_bytes(dummy_key, *key_size);
Potentially leading to memory corruption here. This is static analysis
work so I may be wrong.
1626 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
1627 if (rc) {
1628 printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1629 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
1630 rc);
1631 rc = -EINVAL;
1632 goto out;
1633 }
1634 out:
1635 kfree(full_alg_name);
1636 return rc;
1637 }
regards,
dan carpenter
next reply other threads:[~2016-01-25 14:23 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-25 14:23 Dan Carpenter [this message]
2016-01-26 23:09 ` [PATCH] eCryptfs: Clean up crypto initialization Tyler Hicks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160125142311.GA15355@mwanda \
--to=dan.carpenter@oracle.com \
--cc=ecryptfs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=mhalcrow@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).