From owner-svn-soc-all@FreeBSD.ORG Mon May 4 19:23:45 2015 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C273DC4B for ; Mon, 4 May 2015 19:23:45 +0000 (UTC) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ACA101A2C for ; Mon, 4 May 2015 19:23:45 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.9/8.14.9) with ESMTP id t44JNjTE081534 for ; Mon, 4 May 2015 19:23:45 GMT (envelope-from def@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.9/8.14.9/Submit) id t44JNj36081512 for svn-soc-all@FreeBSD.org; Mon, 4 May 2015 19:23:45 GMT (envelope-from def@FreeBSD.org) Date: Mon, 4 May 2015 19:23:45 GMT Message-Id: <201505041923.t44JNj36081512@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to def@FreeBSD.org using -f From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r285005 - soc2013/def/crashdump-head/sbin/cryptcore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 May 2015 19:23:45 -0000 Author: def Date: Mon May 4 19:23:44 2015 New Revision: 285005 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=285005 Log: Use sizeof instead of constants for buf and ciphertext. Modified: soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c Modified: soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c ============================================================================== --- soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c Mon May 4 18:49:25 2015 (r285004) +++ soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c Mon May 4 19:23:44 2015 (r285005) @@ -50,14 +50,14 @@ if (pubkey == NULL) pjdlog_exitx(1, "Unable to read data from %s.", pubkeyfile); pubkeysize = RSA_size(pubkey); - if (RSA_size(pubkey) > 8 * KERNELDUMP_CIPHERTEXT_SIZE) { - pjdlog_exitx(1, "The maximum RSA modulus size is %db.", - 8 * KERNELDUMP_CIPHERTEXT_SIZE); + if (pubkeysize > (int)sizeof(ciphertext)) { + pjdlog_exitx(1, "The maximum RSA modulus size is %lub.", + 8 * sizeof(ciphertext)); } arc4random_buf(buf, sizeof(buf)); - if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE, buf, - ciphertext, pubkey, RSA_PKCS1_PADDING) != pubkeysize) { + if (RSA_public_encrypt(sizeof(buf), buf, ciphertext, pubkey, + RSA_PKCS1_PADDING) != pubkeysize) { pjdlog_exitx(1, "Unable to encrypt the one-time key."); } @@ -80,12 +80,12 @@ goto failed; } - bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE); + bzero(buf, sizeof(buf)); RSA_free(pubkey); return; failed: - bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE); + bzero(buf, sizeof(buf)); RSA_free(pubkey); exit(1); } @@ -117,11 +117,11 @@ fd = open(keyfile, O_RDONLY); if (fd == -1) pjdlog_exit(1, "Unable to open %s", keyfile); - size = (int)read(fd, ciphertext, KERNELDUMP_CIPHERTEXT_SIZE); + size = (int)read(fd, ciphertext, sizeof(ciphertext)); err = errno; close(fd); fd = -1; - if (size != KERNELDUMP_CIPHERTEXT_SIZE) { + if (size != sizeof(ciphertext)) { errno = err; pjdlog_exit(1, "Unable to read data from %s", keyfile); } @@ -137,15 +137,14 @@ * From this moment on keys have to be erased before exit. */ privkeysize = RSA_size(privkey); - if (RSA_size(privkey) > 8 * KERNELDUMP_CIPHERTEXT_SIZE) { - pjdlog_error("The maximum RSA modulus size is %db.", - 8 * KERNELDUMP_CIPHERTEXT_SIZE); + if (privkeysize > (int)sizeof(ciphertext)) { + pjdlog_error("The maximum RSA modulus size is %lub.", + 8 * sizeof(ciphertext)); goto failed; } - if (RSA_private_decrypt(KERNELDUMP_CIPHERTEXT_SIZE, ciphertext, buf, - privkey, RSA_PKCS1_PADDING) != - KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE) { + if (RSA_private_decrypt(sizeof(ciphertext), ciphertext, buf, privkey, + RSA_PKCS1_PADDING) != KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE) { pjdlog_error("Unable to decrypt key and IV."); goto failed; } @@ -167,21 +166,19 @@ EVP_CIPHER_CTX_set_padding(&ctx, 0); bufused = 0; - while ((bytes = read(fd, buf + bufused, - KERNELDUMP_BUFFER_SIZE - bufused)) > 0) { + while ((bytes = read(fd, buf + bufused, sizeof(buf) - bufused)) > 0) { bufused += bytes; - if (bufused != KERNELDUMP_BUFFER_SIZE) + if (bufused != sizeof(buf)) continue; if (EVP_DecryptUpdate(&ctx, buf, &size, buf, - KERNELDUMP_BUFFER_SIZE) == 0) { + sizeof(buf)) == 0) { pjdlog_error("Unable to decrypt core."); goto failed; } - PJDLOG_ASSERT(size == KERNELDUMP_BUFFER_SIZE); + PJDLOG_ASSERT(size == sizeof(buf)); - if (write(ofd, buf, KERNELDUMP_BUFFER_SIZE) != - KERNELDUMP_BUFFER_SIZE) { + if (write(ofd, buf, sizeof(buf)) != sizeof(buf)) { pjdlog_errno(LOG_ERR, "Unable to write data to %s", output); goto failed; @@ -189,7 +186,7 @@ bufused = 0; } - bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE); + bzero(buf, sizeof(buf)); EVP_CIPHER_CTX_cleanup(&ctx); RSA_free(privkey); @@ -202,7 +199,7 @@ close(ofd); if (fd >= 0) close(fd); - bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE); + bzero(buf, sizeof(buf)); EVP_CIPHER_CTX_cleanup(&ctx); RSA_free(privkey); exit(1);