lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210812113639.GD561@gondor.apana.org.au>
Date:   Thu, 12 Aug 2021 19:36:39 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     Hongbo Li <herbert.tencent@...il.com>
Cc:     linux-crypto@...r.kernel.org, ebiggers@...nel.org,
        herberthbli@...cent.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] lib/mpi: use kcalloc in mpi_resize

On Thu, Aug 05, 2021 at 04:53:32PM +0800, Hongbo Li wrote:
> From: Hongbo Li <herberthbli@...cent.com>
> 
> We should set the additional space to 0 in mpi_resize().
> So use kcalloc() instead of kmalloc_array().
> 
> In lib/mpi/ec.c:
> /****************
>  * Resize the array of A to NLIMBS. the additional space is cleared
>  * (set to 0) [done by m_realloc()]
>  */
> int mpi_resize(MPI a, unsigned nlimbs)
> 
> Like the comment of kernel's mpi_resize() said, the additional space
> need to be set to 0, but when a->d is not NULL, it does not set.
> 
> The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt
> is _gcry_mpi_resize() which set the additional space to 0.
> 
> This bug may cause mpi api which use mpi_resize() get wrong result
> under the condition of using the additional space without initiation.
> If this condition is not met, the bug would not be triggered.
> Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well,
> so the bug is not triggered in these cases.
> 
> add_points_edwards() use the additional space directly, so it will
> get a wrong result.
> 
> Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
> Signed-off-by: Hongbo Li <herberthbli@...cent.com>
> ---
>  lib/mpi/mpiutil.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ