Date:   Sun,  3 Oct 2021 20:14:06 +0200
From:   Nicolai Stange <nstange@...e.de>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
        Stephan Müller <smueller@...onox.de>,
        Torsten Duwe <duwe@...e.de>, Nicolai Stange <nstange@...e.de>
Subject: [PATCH 1/8] crypto: af_alg - reject requests for untested algorithms

Currently it's possible for userspace to specify any combination of
->salg_feat and ->salg_mask with respect to CRYPTO_ALG_TESTED via the
af_alg interface.

As these are passed onwards to crypto_larval_lookup() unmodified as
'mask' and 'type' parameters eventually, this can lead to the creation of
obscure lookup larvals like e.g. (mask & CRYPTO_ALG_TESTED) but not
(type & CRYPTO_ALG_TESTED) or the other way around.

Userspace should have no business in asking for untested algorithms. Make
af_alg's alg_bind() reject nonsensical combinations of ->salg_feat and
->salg_mask with respect to CRYPTO_ALG_TESTED with -EINVAL.

Note that CRYPTO_ALG_TESTED not being set in either of mask and type is
considered equivalent to that flag being set in both and these two
combinations are the only ones supported as of now.

Signed-off-by: Nicolai Stange <nstange@...e.de>
---
 crypto/af_alg.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 8bd288d2b089..83e68f3f71db 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -166,6 +166,15 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 	if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
 		return -EINVAL;
 
+	/*
+	 * Don't allow requests for untested algorithms, i.e. those
+	 * where the selftests are still in progress or have failed.
+	 * CRYPTO_ALG_TESTED must be set either in none or both of
+	 * type and mask (which is equivalent).
+	 */
+	if ((sa->salg_feat ^ sa->salg_mask) & CRYPTO_ALG_TESTED)
+		return -EINVAL;
+
 	sa->salg_type[sizeof(sa->salg_type) - 1] = 0;
 	sa->salg_name[addr_len - sizeof(*sa) - 1] = 0;
 
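Review bot: The new test `if ((sa->salg_feat ^ sa->salg_mask) & CRYPTO_ALG_TESTED)` runs directly after the `~allowed` filter on both fields, so it can only fire if `allowed` includes CRYPTO_ALG_TESTED. `allowed` is defined outside this hunk; if it does not carry that bit, any request setting the flag in either ->salg_feat or ->salg_mask is already rejected with -EINVAL by the preceding check and the added branch is unreachable. Please say in the comment or the commit message which case applies, and if the bit is not in `allowed`, either drop the check or note that it is there to guard against `allowed` being widened later.
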
-- 
2.26.2
