* grub-core/disk/AFSplitter.c: Remove variable length arrays.
* grub-core/disk/cryptodisk.c: Likewise. * grub-core/disk/geli.c: Likewise. * grub-core/disk/luks.c: Likewise.
This commit is contained in:
Vladimir Serbinenko
parent
15decd26cc
commit
c35fcdc0b7
5 changed files with 61 additions and 23 deletions
|
|
@ -146,7 +146,10 @@ geli_rekey (struct grub_cryptodisk *dev, grub_uint64_t zoneno)
|
|||
grub_uint64_t zone;
|
||||
} __attribute__ ((packed)) tohash
|
||||
= { {'e', 'k', 'e', 'y'}, grub_cpu_to_le64 (zoneno) };
|
||||
GRUB_PROPERLY_ALIGNED_ARRAY (key, dev->hash->mdlen);
|
||||
GRUB_PROPERLY_ALIGNED_ARRAY (key, GRUB_CRYPTO_MAX_MDLEN);
|
||||
|
||||
if (dev->hash->mdlen > GRUB_CRYPTO_MAX_MDLEN)
|
||||
return GPG_ERR_INV_ARG;
|
||||
|
||||
grub_dprintf ("geli", "rekeying %" PRIuGRUB_UINT64_T " keysize=%d\n",
|
||||
zoneno, dev->rekey_derived_size);
|
||||
|
|
@ -163,11 +166,13 @@ static inline gcry_err_code_t
|
|||
make_uuid (const struct grub_geli_phdr *header,
|
||||
char *uuid)
|
||||
{
|
||||
grub_uint8_t uuidbin[GRUB_MD_SHA256->mdlen];
|
||||
grub_uint8_t uuidbin[GRUB_CRYPTODISK_MAX_UUID_LENGTH];
|
||||
gcry_err_code_t err;
|
||||
grub_uint8_t *iptr;
|
||||
char *optr;
|
||||
|
||||
if (2 * GRUB_MD_SHA256->mdlen + 1 > GRUB_CRYPTODISK_MAX_UUID_LENGTH)
|
||||
return GPG_ERR_TOO_LARGE;
|
||||
err = grub_crypto_hmac_buffer (GRUB_MD_SHA256,
|
||||
header->salt, sizeof (header->salt),
|
||||
"uuid", sizeof ("uuid") - 1, uuidbin);
|
||||
|
|
@ -175,7 +180,7 @@ make_uuid (const struct grub_geli_phdr *header,
|
|||
return err;
|
||||
|
||||
optr = uuid;
|
||||
for (iptr = uuidbin; iptr < &uuidbin[ARRAY_SIZE (uuidbin)]; iptr++)
|
||||
for (iptr = uuidbin; iptr < &uuidbin[GRUB_MD_SHA256->mdlen]; iptr++)
|
||||
{
|
||||
grub_snprintf (optr, 3, "%02x", *iptr);
|
||||
optr += 2;
|
||||
|
|
@ -242,10 +247,13 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
|
|||
const struct gcry_cipher_spec *ciph;
|
||||
const char *ciphername = NULL;
|
||||
gcry_err_code_t gcry_err;
|
||||
char uuid[GRUB_MD_SHA256->mdlen * 2 + 1];
|
||||
char uuid[GRUB_CRYPTODISK_MAX_UUID_LENGTH];
|
||||
grub_disk_addr_t sector;
|
||||
grub_err_t err;
|
||||
|
||||
if (2 * GRUB_MD_SHA256->mdlen + 1 > GRUB_CRYPTODISK_MAX_UUID_LENGTH)
|
||||
return NULL;
|
||||
|
||||
sector = grub_disk_get_size (disk);
|
||||
if (sector == GRUB_DISK_SIZE_UNKNOWN || sector == 0)
|
||||
return NULL;
|
||||
|
|
@ -379,10 +387,10 @@ static grub_err_t
|
|||
recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
||||
{
|
||||
grub_size_t keysize;
|
||||
grub_uint8_t digest[dev->hash->mdlen];
|
||||
grub_uint8_t geomkey[dev->hash->mdlen];
|
||||
grub_uint8_t verify_key[dev->hash->mdlen];
|
||||
grub_uint8_t zero[dev->cipher->cipher->blocksize];
|
||||
grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
|
||||
grub_uint8_t geomkey[GRUB_CRYPTO_MAX_MDLEN];
|
||||
grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN];
|
||||
grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
|
||||
char passphrase[MAX_PASSPHRASE] = "";
|
||||
unsigned i;
|
||||
gcry_err_code_t gcry_err;
|
||||
|
|
@ -391,6 +399,12 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
|||
grub_disk_addr_t sector;
|
||||
grub_err_t err;
|
||||
|
||||
if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
|
||||
return grub_error (GRUB_ERR_BUG, "cipher block is too long");
|
||||
|
||||
if (dev->hash->mdlen > GRUB_CRYPTO_MAX_MDLEN)
|
||||
return grub_error (GRUB_ERR_BUG, "mdlen is too long");
|
||||
|
||||
sector = grub_disk_get_size (source);
|
||||
if (sector == GRUB_DISK_SIZE_UNKNOWN || sector == 0)
|
||||
return grub_error (GRUB_ERR_BUG, "not a geli");
|
||||
|
|
@ -452,12 +466,12 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
|||
}
|
||||
|
||||
gcry_err = grub_crypto_hmac_buffer (dev->hash, geomkey,
|
||||
sizeof (geomkey), "\1", 1, digest);
|
||||
dev->hash->mdlen, "\1", 1, digest);
|
||||
if (gcry_err)
|
||||
return grub_crypto_gcry_error (gcry_err);
|
||||
|
||||
gcry_err = grub_crypto_hmac_buffer (dev->hash, geomkey,
|
||||
sizeof (geomkey), "\0", 1, verify_key);
|
||||
dev->hash->mdlen, "\0", 1, verify_key);
|
||||
if (gcry_err)
|
||||
return grub_crypto_gcry_error (gcry_err);
|
||||
|
||||
|
|
@ -467,7 +481,7 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
|||
for (i = 0; i < ARRAY_SIZE (header.keys); i++)
|
||||
{
|
||||
struct grub_geli_key candidate_key;
|
||||
grub_uint8_t key_hmac[dev->hash->mdlen];
|
||||
grub_uint8_t key_hmac[GRUB_CRYPTO_MAX_MDLEN];
|
||||
|
||||
/* Check if keyslot is enabled. */
|
||||
if (! (header.keys_used & (1 << i)))
|
||||
|
|
@ -488,7 +502,7 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
|||
return grub_crypto_gcry_error (gcry_err);
|
||||
|
||||
gcry_err = grub_crypto_hmac_buffer (dev->hash, verify_key,
|
||||
sizeof (verify_key),
|
||||
dev->hash->mdlen,
|
||||
&candidate_key,
|
||||
(sizeof (candidate_key)
|
||||
- sizeof (candidate_key.hmac)),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue