lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240426225553.3038070-1-stefanb@linux.ibm.com>
Date: Fri, 26 Apr 2024 18:55:53 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        herbert@...dor.apana.org.au, davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, lukas@...ner.de, jarkko@...nel.org,
        Stefan Berger <stefanb@...ux.ibm.com>
Subject: [PATCH] crypto: ecc - Protect ecc_digits_from_bytes from reading too many bytes

Protect ecc_digits_from_bytes from reading too many bytes from the input
byte array in case an insufficient number of bytes is provided to fill the
output digit array of ndigits. Therefore, initialize the most significant
digits with 0 to avoid trying to read too many bytes later on.

If too many bytes are provided on the input byte array the extra bytes
are ignored since the input variable 'ndigits' limits the number of digits
that will be filled.

Fixes: d67c96fb97b5 ("crypto: ecdsa - Convert byte arrays with key coordinates to digits")
Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
---
 include/crypto/internal/ecc.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 7ca1f463d1ec..56215f14ff96 100644
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -67,9 +67,16 @@ static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigit
 static inline void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
 					 u64 *out, unsigned int ndigits)
 {
+	int diff = ndigits - DIV_ROUND_UP(nbytes, sizeof(u64));
 	unsigned int o = nbytes & 7;
 	__be64 msd = 0;
 
+	/* diff > 0: not enough input bytes: set most significant digits to 0 */
+	while (diff > 0) {
+		out[--ndigits] = 0;
+		diff--;
+	}
+
 	if (o) {
 		memcpy((u8 *)&msd + sizeof(msd) - o, in, o);
 		out[--ndigits] = be64_to_cpu(msd);
-- 
2.43.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ