From patchwork Wed Nov 1 22:25:17 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 10037691
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers
To: linux-crypto@vger.kernel.org, Herbert Xu
Cc: keyrings@vger.kernel.org, Tudor-Dan Ambarus, Mat Martineau, Salvatore Benedetto, Stephan Mueller, Eric Biggers, stable@vger.kernel.org
Subject: [PATCH 4/4] crypto: dh - don't permit 'key' or 'g' size longer than 'p'
Date: Wed, 1 Nov 2017 15:25:17 -0700
Message-Id: <20171101222517.41602-5-ebiggers3@gmail.com>
In-Reply-To: <20171101222517.41602-1-ebiggers3@gmail.com>

The "qat-dh" DH implementation assumes that 'key' and 'g' can be copied into a buffer with size 'p_size'. However it was never checked that that was actually the case, which allowed users to cause a buffer underflow via KEYCTL_DH_COMPUTE. Fix this by updating crypto_dh_decode_key() to verify this precondition for all DH implementations.

Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Cc: # v4.8+
Signed-off-by: Eric Biggers
---
 crypto/dh_helper.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index 708ae20d2d3c..7f00c771fe8d 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -83,6 +83,14 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) if (secret.len != crypto_dh_key_len(params)) return -EINVAL; + /* + * Don't permit the buffer for 'key' or 'g' to be larger than 'p', since + * some drivers assume otherwise. + */ + if (params->key_size > params->p_size || + params->g_size > params->p_size) + return -EINVAL; + /* Don't allocate memory. Set pointers to data within * the given buffer */
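
Review bot: the comment in the added block ends with "some drivers assume otherwise", which is ambiguous and can be read as the drivers assuming the buffers may be larger than 'p'; state the assumption directly, for example that some drivers copy 'key' and 'g' into a buffer of p_size bytes, as the commit message does for qat-dh. The test `params->key_size > params->p_size || params->g_size > params->p_size` compares encoded byte lengths, not numeric values, so a 'key' or 'g' carrying leading zero bytes beyond p_size now gets -EINVAL, and the comment should say that this is intended. The diffstat shows only crypto/dh_helper.c touched, so the new precondition is not recorded where crypto_dh_decode_key() is documented and no test case covers the rejected input; adding both would let driver authors rely on the guarantee.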