From 2c92d7b6a15962eff987d67729147433c857650d Mon Sep 17 00:00:00 2001 From: Greg Kaiser Date: Wed, 14 Feb 2018 11:26:08 -0800 Subject: [PATCH] Revert "cryptfs: Make decrypted key buffers large enough" This reverts commit 4a35ef0a53d1f8041adc8bf49585e700bb7af803. --- cryptfs.cpp | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/cryptfs.cpp b/cryptfs.cpp index f500a15..1d21124 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -98,11 +98,6 @@ extern "C" { #define CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE (1) -// EVP_DecryptUpdate() requires not just our key length, but up to -// block length - 1 additional bytes for its work. We provide a buffer -// size that will work for all possible ciphers. -#define DECRYPTED_MASTER_KEY_BUF_SIZE (KEY_LEN_BYTES + EVP_MAX_BLOCK_LENGTH - 1) - static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr); static unsigned char saved_master_key[KEY_LEN_BYTES]; @@ -1600,7 +1595,8 @@ static int do_crypto_complete(const char *mount_point) static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char *passwd, const char *mount_point, const char *label) { - unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE]; + /* Allocate enough space for a 256 bit key, but we may use less */ + unsigned char decrypted_master_key[32]; char crypto_blkdev[MAXPATHLEN]; char real_blkdev[MAXPATHLEN]; char tmp_mount_point[64]; @@ -1857,7 +1853,8 @@ int cryptfs_check_passwd(const char *passwd) int cryptfs_verify_passwd(const char *passwd) { struct crypt_mnt_ftr crypt_ftr; - unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE]; + /* Allocate enough space for a 256 bit key, but we may use less */ + unsigned char decrypted_master_key[32]; char encrypted_state[PROPERTY_VALUE_MAX]; int rc; @@ -2007,7 +2004,7 @@ static int vold_unmountAll(void) { int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) { char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN]; - unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE]; + unsigned char decrypted_master_key[KEY_LEN_BYTES]; int rc=-1, i; struct crypt_mnt_ftr crypt_ftr; struct crypt_persist_data *pdata;