diff options
| -rw-r--r-- | src/crypto/gcm.c | 26 | ||||
| -rw-r--r-- | src/include/ipxe/gcm.h | 7 |
2 files changed, 18 insertions, 15 deletions
diff --git a/src/crypto/gcm.c b/src/crypto/gcm.c index a32890d59..b93925d07 100644 --- a/src/crypto/gcm.c +++ b/src/crypto/gcm.c @@ -109,6 +109,9 @@ static union gcm_block gcm_cached_mult[256]; */ static uint16_t gcm_cached_reduce[256]; +/** Offset of a field within GCM context */ +#define gcm_offset( field ) offsetof ( struct gcm_context, field ) + /** * Reverse bits in a byte * @@ -470,17 +473,13 @@ int gcm_setkey ( struct gcm_context *context, const void *key, size_t keylen, */ void gcm_setiv ( struct gcm_context *context, const void *iv, size_t ivlen ) { - /* Sanity check: ensure that memset()s will clear expected state */ - build_assert ( &context->hash < &context->ctr ); - build_assert ( &context->len < &context->ctr ); - build_assert ( &context->ctr < &context->key ); - build_assert ( ( ( void * ) &context->raw_cipher ) > - ( ( void * ) &context->key ) ); - build_assert ( ( ( void * ) context->raw_ctx ) > - ( ( void * ) &context->key ) ); - /* Reset non-key state */ - memset ( context, 0, offsetof ( typeof ( *context ), key ) ); + memset ( context, 0, gcm_offset ( key ) ); + build_assert ( gcm_offset ( key ) > gcm_offset ( hash ) ); + build_assert ( gcm_offset ( key ) > gcm_offset ( len ) ); + build_assert ( gcm_offset ( key ) > gcm_offset ( ctr ) ); + build_assert ( gcm_offset ( key ) < gcm_offset ( raw_cipher ) ); + build_assert ( gcm_offset ( key ) < gcm_offset ( raw_ctx ) ); /* Reset counter */ context->ctr.ctr.value = cpu_to_be32 ( 1 ); @@ -499,7 +498,12 @@ void gcm_setiv ( struct gcm_context *context, const void *iv, size_t ivlen ) { assert ( context->len.len.add == 0 ); /* Reset non-key, non-counter state */ - memset ( context, 0, offsetof ( typeof ( *context ), ctr ) ); + memset ( context, 0, gcm_offset ( ctr ) ); + build_assert ( gcm_offset ( ctr ) > gcm_offset ( hash ) ); + build_assert ( gcm_offset ( ctr ) > gcm_offset ( len ) ); + build_assert ( gcm_offset ( ctr ) < gcm_offset ( key ) ); + build_assert ( gcm_offset ( ctr ) < gcm_offset ( raw_cipher ) ); + build_assert ( gcm_offset ( ctr ) < gcm_offset ( raw_ctx ) ); } DBGC2 ( context, "GCM %p Y[0]:\n", context ); diff --git a/src/include/ipxe/gcm.h b/src/include/ipxe/gcm.h index 4864445d2..2c785a977 100644 --- a/src/include/ipxe/gcm.h +++ b/src/include/ipxe/gcm.h @@ -89,10 +89,9 @@ static int _gcm_name ## _setkey ( void *ctx, const void *key, \ size_t keylen ) { \ struct _gcm_name ## _context *context = ctx; \ build_assert ( _blocksize == sizeof ( context->gcm.key ) ); \ - build_assert ( ( ( void * ) &context->gcm ) == \ - ( ( void * ) context ) ); \ - build_assert ( ( ( void * ) &context->raw ) == \ - ( ( void * ) context->gcm.raw_ctx ) ); \ + build_assert ( offsetof ( typeof ( *context ), gcm ) == 0 ); \ + build_assert ( offsetof ( typeof ( *context ), raw ) == \ + offsetof ( typeof ( *context ), gcm.raw_ctx ) ); \ return gcm_setkey ( &context->gcm, key, keylen, &_raw_cipher ); \ } \ static void _gcm_name ## _setiv ( void *ctx, const void *iv, \ |