Hello Atul Gupta,

The patch d25f2f71f653: "crypto: chtls - Program the TLS session Key"
from Mar 31, 2018, leads to the following static checker warning:

        drivers/crypto/chelsio/chtls/chtls_hw.c:239 chtls_key_info()
        error: '__memcpy()' 'key' too small (2 vs 32)

drivers/crypto/chelsio/chtls/chtls_hw.c

   212  static int chtls_key_info(struct chtls_sock *csk,
   213                            struct _key_ctx *kctx,
   214                            u32 keylen, u32 optname)
   215  {
   216          unsigned char key[CHCR_KEYCTX_CIPHER_KEY_SIZE_256];
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is 2 bytes long.  It was probably supposed to be
AES_KEYSIZE_256 (32 bytes).

   217          struct tls12_crypto_info_aes_gcm_128 *gcm_ctx;
   218          unsigned char ghash_h[AEAD_H_SIZE];
   219          struct crypto_cipher *cipher;
   220          int ck_size, key_ctx_size;
   221          int ret;
   222
   223          gcm_ctx = (struct tls12_crypto_info_aes_gcm_128 *)
   224                    &csk->tlshws.crypto_info;
   225
   226          key_ctx_size = sizeof(struct _key_ctx) +
   227                         roundup(keylen, 16) + AEAD_H_SIZE;
   228
   229          if (keylen == AES_KEYSIZE_128) {
   230                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
   231          } else if (keylen == AES_KEYSIZE_192) {
   232                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_192;
   233          } else if (keylen == AES_KEYSIZE_256) {
                           ^^^^^^^^^^^^^^^^^^^^^^^^^
keylen is 32.

   234                  ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
   235          } else {
   236                  pr_err("GCM: Invalid key length %d\n", keylen);
   237                  return -EINVAL;
   238          }
   239          memcpy(key, gcm_ctx->key, keylen);
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
Memory corruption.  Smatch also complains that gcm_ctx->key is 16 bytes
instead of 32.

        drivers/crypto/chelsio/chtls/chtls_hw.c:239 chtls_key_info()
        error: '__memcpy()' 'gcm_ctx->key' too small (16 vs 32)

   240

See also:

        drivers/crypto/chelsio/chtls/chtls_hw.c:250 chtls_key_info() error:
        'crypto_cipher_setkey()' 'key' too small (2 vs 32)
        drivers/crypto/chelsio/chtls/chtls_hw.c:274 chtls_key_info() error:
        '__memcpy()' 'gcm_ctx->key' too small (16 vs 32)
        drivers/crypto/chelsio/chtls/chtls_hw.c:277 chtls_key_info() error:
        '__memset()' 'gcm_ctx->key' too small (16 vs 32)

regards,
dan carpenter
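
A user-space model of the two size mismatches reported above, added here as an illustration; it is not code from the driver or from the patch. The struct gcm128_info, the helper names and the selector values 0 and 1 are assumptions, and the bounds check is one possible guard, not the fix that was applied upstream.

```c
#include <errno.h>
#include <string.h>

#define AES_KEYSIZE_128 16   /* key lengths in bytes */
#define AES_KEYSIZE_192 24
#define AES_KEYSIZE_256 32

/* Selector codes, not byte counts; 2 is from the report, 0 and 1 assumed. */
#define CHCR_KEYCTX_CIPHER_KEY_SIZE_128 0
#define CHCR_KEYCTX_CIPHER_KEY_SIZE_192 1
#define CHCR_KEYCTX_CIPHER_KEY_SIZE_256 2

/* Hypothetical stand-in for the 128-bit GCM info: key[] holds 16 bytes. */
struct gcm128_info { unsigned char key[AES_KEYSIZE_128]; };

/* Size of the buffer as declared in the report (selector used as a length). */
static size_t reported_buf_size(void)
{
    return sizeof(unsigned char[CHCR_KEYCTX_CIPHER_KEY_SIZE_256]);
}

/* Map a key length in bytes to its selector code, or -EINVAL. */
static int keylen_to_ck_size(size_t keylen)
{
    switch (keylen) {
    case AES_KEYSIZE_128: return CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
    case AES_KEYSIZE_192: return CHCR_KEYCTX_CIPHER_KEY_SIZE_192;
    case AES_KEYSIZE_256: return CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
    default:              return -EINVAL;
    }
}

/* Copy keylen bytes only if both source and destination objects hold them. */
static int copy_key_checked(unsigned char *dst, size_t dst_size,
                            const unsigned char *src, size_t src_size,
                            size_t keylen)
{
    int ck_size = keylen_to_ck_size(keylen);
    if (ck_size < 0 || keylen > dst_size || keylen > src_size)
        return -EINVAL;
    memcpy(dst, src, keylen);
    return ck_size;
}

/* Try one key length against a 16-byte source and a 32-byte destination. */
static int demo(size_t keylen)
{
    struct gcm128_info info = { .key = { 0 } };  /* constructed sample key */
    unsigned char key[AES_KEYSIZE_256];          /* sized in bytes */
    return copy_key_checked(key, sizeof(key), info.key, sizeof(info.key), keylen);
}
```

With the destination sized in bytes, a 32-byte request is still rejected because the source key[] holds only 16 bytes, which is the second mismatch Smatch flags.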