[PATCH 0/4] crypto: dh - input validation fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Eric Biggers <ebiggers@xxxxxxxxxx>

This series fixes several corner cases in the Diffie-Hellman key
exchange implementations:

- With CONFIG_DEBUG_SG=y and the software DH implementation, setting 'p'
  to 0 caused a BUG_ON().
- Both the software and QAT DH implementations had a double-free bug in
  the case where 'g' could not be allocated.
- With the QAT DH implementation, setting 'g' or 'key' larger than 'p'
  caused a buffer underflow.

Note that in kernels configured with CONFIG_KEY_DH_OPERATIONS=y, these
bugs are reachable by unprivileged users via KEYCTL_DH_COMPUTE.

Eric Biggers (4):
  crypto: dh - fix double free of ctx->p
  crypto: dh - don't permit 'p' to be 0
  crypto: qat - fix double free of ctx->p
  crypto: dh - don't permit 'key' or 'g' size longer than 'p'

 crypto/dh.c                                   | 18 +++++++++---------
 crypto/dh_helper.c                            | 16 ++++++++++++++++
 drivers/crypto/qat/qat_common/qat_asym_algs.c | 15 ++++++++-------
 3 files changed, 33 insertions(+), 16 deletions(-)

-- 
2.15.0.403.gc27cc4dac6-goog




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux