From patchwork Fri Jul 27 22:36:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10547783 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 55A2513BB for ; Fri, 27 Jul 2018 22:37:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4355E2C0E2 for ; Fri, 27 Jul 2018 22:37:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 335932C0FB; Fri, 27 Jul 2018 22:37:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BB1962C0E2 for ; Fri, 27 Jul 2018 22:37:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388467AbeG1ABw (ORCPT ); Fri, 27 Jul 2018 20:01:52 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:43337 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730852AbeG1ABw (ORCPT ); Fri, 27 Jul 2018 20:01:52 -0400 Received: by mail-pg1-f194.google.com with SMTP id v13-v6so3987386pgr.10 for ; Fri, 27 Jul 2018 15:37:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dJ1Kv1ZpbHqQ4HGD+sa/SlblkKtE5QHVeBmL/P2FP2U=; b=e2PF2RhjLJhBU9gs/IxllJ+A4TzlJWHD3EIkzewUzUBW6WMQA1nUWojdMRP/H6oq0R zlngprpoJemt1ejlRlMew5h3UWxH8CEDpKkrtv1qHROz0llfzd+rec9y4SLs+aIDWLgF J/IkhULbtufQBQeYbl55Oj2941/VQpM/E1a0eGMFQvFUI/p03y5aXjeixCwh71o5aiJO 32SrodW8H/yaCqh0TZHxLZD3nBq2k+WTvaqmxuxhnspWUizkIUjNpG/o33IYpjLZsdZb 6tLRkeOrNK4l5kobcT93ucYfuGswNJQ/dB1Fs+lXHDku+n1T49OTk8//X/jX4ZCR+VRJ iPCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dJ1Kv1ZpbHqQ4HGD+sa/SlblkKtE5QHVeBmL/P2FP2U=; b=rY2JYd7gRLGM1thMXLP1zTUYRw9edaUDRoijE/pkox/0ljS+xw6cDrIM8fIfv1R/HE qxksUfocJrkavPzkJYm+z47JD3I2D/e9JlFjRxTo+aXFDx2dd3e8Zdhjcbr//JGvbNnQ CbOKZg/vE1Ei+GGSPIJkFJd2yNEMY4OvmX2cjhpPRcOoOO4/Lhmd2CToM8XVVuR/79TZ Mzv1tuW/I4CLaHSvWkgj+QOHNnlhryYtU2T2YSMMUm5lr1ZuQ6rnLjKfqtNYc95nOAVg AIX9bKRyxoAucP3n10XF/c6lJQeSUKPUK6wv8InP1CP0Eq+Bb7GZCKjWIbzNXQt1fS9q qY2w== X-Gm-Message-State: AOUpUlEtH/pS8QD+K3Ve+JrtRCtlvjb9NwUD1kIYzVgUkC8gs4ccn2xJ 8qUHFtauTAKLkzCq4w1NleDAGUe6 X-Google-Smtp-Source: AAOMgpcPJjHpTbz+WkgAZlNNt2cVKRGWRVyTrbSEXqRhKpx+0i/pcCHDkJGoz2hegTrGEbjq3b7Ljg== X-Received: by 2002:a63:1315:: with SMTP id i21-v6mr7693894pgl.147.1532731073074; Fri, 27 Jul 2018 15:37:53 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id v15-v6sm6445592pff.120.2018.07.27.15.37.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Jul 2018 15:37:52 -0700 (PDT) From: Eric Biggers To: linux-crypto@vger.kernel.org, Herbert Xu Cc: Stephan Mueller , Eric Biggers Subject: [PATCH v2 1/2] crypto: dh - fix calculating encoded key size Date: Fri, 27 Jul 2018 15:36:10 -0700 Message-Id: <20180727223611.208286-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.18.0.345.g5c9ce644c3-goog MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size', causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and fix the lengths of the test vectors to match this. Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com Fixes: e3fe0ae12962 ("crypto: dh - add public key verification test") Signed-off-by: Eric Biggers --- crypto/dh_helper.c | 2 +- crypto/testmgr.h | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index a7de3d9ce5ace..db9b2d9c58f04 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -14,7 +14,7 @@ #include #include -#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 3 * sizeof(int)) +#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int)) static inline u8 *dh_pack_data(void *dst, const void *src, size_t size) { diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 759462d65f412..173111c70746e 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -641,14 +641,14 @@ static const struct kpp_testvec dh_tv_template[] = { .secret = #ifdef __LITTLE_ENDIAN "\x01\x00" /* type */ - "\x11\x02" /* len */ + "\x15\x02" /* len */ "\x00\x01\x00\x00" /* key_size */ "\x00\x01\x00\x00" /* p_size */ "\x00\x00\x00\x00" /* q_size */ "\x01\x00\x00\x00" /* g_size */ #else "\x00\x01" /* type */ - "\x02\x11" /* len */ + "\x02\x15" /* len */ "\x00\x00\x01\x00" /* key_size */ "\x00\x00\x01\x00" /* p_size */ "\x00\x00\x00\x00" /* q_size */ @@ -741,7 +741,7 @@ static const struct kpp_testvec dh_tv_template[] = { "\xd3\x34\x49\xad\x64\xa6\xb1\xc0\x59\x28\x75\x60\xa7\x8a\xb0\x11" "\x56\x89\x42\x74\x11\xf5\xf6\x5e\x6f\x16\x54\x6a\xb1\x76\x4d\x50" "\x8a\x68\xc1\x5b\x82\xb9\x0d\x00\x32\x50\xed\x88\x87\x48\x92\x17", - .secret_size = 529, + .secret_size = 533, .b_public_size = 256, .expected_a_public_size = 256, .expected_ss_size = 256, @@ -750,14 +750,14 @@ static const struct kpp_testvec dh_tv_template[] = { .secret = #ifdef __LITTLE_ENDIAN "\x01\x00" /* type */ - "\x11\x02" /* len */ + "\x15\x02" /* len */ "\x00\x01\x00\x00" /* key_size */ "\x00\x01\x00\x00" /* p_size */ "\x00\x00\x00\x00" /* q_size */ "\x01\x00\x00\x00" /* g_size */ #else "\x00\x01" /* type */ - "\x02\x11" /* len */ + "\x02\x15" /* len */ "\x00\x00\x01\x00" /* key_size */ "\x00\x00\x01\x00" /* p_size */ "\x00\x00\x00\x00" /* q_size */ @@ -850,7 +850,7 @@ static const struct kpp_testvec dh_tv_template[] = { "\x5e\x5a\x64\xbd\xf6\x85\x04\xe8\x28\x6a\xac\xef\xce\x19\x8e\x9a" "\xfe\x75\xc0\x27\x69\xe3\xb3\x7b\x21\xa7\xb1\x16\xa4\x85\x23\xee" "\xb0\x1b\x04\x6e\xbd\xab\x16\xde\xfd\x86\x6b\xa9\x95\xd7\x0b\xfd", - .secret_size = 529, + .secret_size = 533, .b_public_size = 256, .expected_a_public_size = 256, .expected_ss_size = 256, From patchwork Fri Jul 27 22:36:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10547785 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 62A1113BB for ; Fri, 27 Jul 2018 22:37:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 52C232C0E2 for ; Fri, 27 Jul 2018 22:37:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 471772C0FB; Fri, 27 Jul 2018 22:37:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E1ADA2C0E2 for ; Fri, 27 Jul 2018 22:37:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388497AbeG1ABz (ORCPT ); Fri, 27 Jul 2018 20:01:55 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:46789 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388527AbeG1ABz (ORCPT ); Fri, 27 Jul 2018 20:01:55 -0400 Received: by mail-pf1-f193.google.com with SMTP id u24-v6so2183166pfn.13 for ; Fri, 27 Jul 2018 15:37:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2DqahOOuGr2/Ipc4dV8oFPuTl3whkqfOr9abfV8bIKs=; b=QtbE9Wst5ym5qJfsnj+pwzfx104MPTB6RKA7suzKE1dwEGWu8RLmmipMTFeyWFtbxG DysuuTXpkVBPxoLEU/brvZVFEbfKYrjC1uNTbITJ204Z2mLaem6kV9atfUou9KyIcETZ J6sQV4DPMKz4QR6G/bl+ag/xAw+xkbZQqTtLtU2iWM8cRjqD5SR9F1A41sAYf0tBkCNJ DE+E1lNZWrmRkehmT7FqHUxLN4CHt4p5SUh8pvLjgOF8OAE/7gRXZC+Ur3DN5Clxdfg0 xmtTfAv24K8AhtmMqNSGJPEAxZbWEjMkdqpL3TGj9d7B8BeKO2extTmS+YZS67rBcj4P QtAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2DqahOOuGr2/Ipc4dV8oFPuTl3whkqfOr9abfV8bIKs=; b=UgZIP3zmtM0AevNq78q0erfAM0nj4ARiiF5Ta71Nyssrs0f5Z0DLB2caWyHq3+VBk7 Bjv3KfJmEqSyP7HXmc56ec3xhGby4lak7WtIlM4P8ME50a54ADu2nMefgJXhXAGMeLjx 7Y29BAz8Iez7mym2pRKsaZ0gi/GPw2NMpHOsJJ7f8/enlhiGKvXHzP1U9iGbY7oCzqRb cUzOZSqHs7t5hNHdPWjKt4ZTKwrM2tvKwaQ3sIcyRwg+Wo66rT8WgL5Klt7w9tCKCCq9 7uSKiMyDCYGrzMbJfQ3DVC5a+xnCdk+7WYOALpV+frDtNwyIxlaNkhFVnti3RaYv5xlp S57w== X-Gm-Message-State: AOUpUlGUj7QbU36SagZ/C3KSVGdMCdWBqHWNq/wbHdj/PCUK04Sb/4zT qAp+1+6QGsbmRBy0qaVN0lpSerwy X-Google-Smtp-Source: AAOMgpeRJAjPoK9KHvYxX98utXSwlfAY96WPieabJQLT6atUxRnnSPe8F66K5PjC8y4SV00HswkWGg== X-Received: by 2002:a63:1403:: with SMTP id u3-v6mr7653408pgl.13.1532731075934; Fri, 27 Jul 2018 15:37:55 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id v15-v6sm6445592pff.120.2018.07.27.15.37.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Jul 2018 15:37:55 -0700 (PDT) From: Eric Biggers To: linux-crypto@vger.kernel.org, Herbert Xu Cc: Stephan Mueller , Eric Biggers Subject: [PATCH v2 2/2] crypto: dh - make crypto_dh_encode_key() make robust Date: Fri, 27 Jul 2018 15:36:11 -0700 Message-Id: <20180727223611.208286-2-ebiggers3@gmail.com> X-Mailer: git-send-email 2.18.0.345.g5c9ce644c3-goog In-Reply-To: <20180727223611.208286-1-ebiggers3@gmail.com> References: <20180727223611.208286-1-ebiggers3@gmail.com> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Make it return -EINVAL if crypto_dh_key_len() is incorrect rather than overflowing the buffer. Signed-off-by: Eric Biggers --- crypto/dh_helper.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index db9b2d9c58f04..edacda5f6a4d3 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -16,8 +16,10 @@ #define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int)) -static inline u8 *dh_pack_data(void *dst, const void *src, size_t size) +static inline u8 *dh_pack_data(u8 *dst, u8 *end, const void *src, size_t size) { + if (!dst || size > end - dst) + return NULL; memcpy(dst, src, size); return dst + size; } @@ -42,27 +44,27 @@ EXPORT_SYMBOL_GPL(crypto_dh_key_len); int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params) { u8 *ptr = buf; + u8 * const end = ptr + len; struct kpp_secret secret = { .type = CRYPTO_KPP_SECRET_TYPE_DH, .len = len }; - if (unlikely(!buf)) + if (unlikely(!len)) return -EINVAL; - if (len != crypto_dh_key_len(params)) + ptr = dh_pack_data(ptr, end, &secret, sizeof(secret)); + ptr = dh_pack_data(ptr, end, ¶ms->key_size, + sizeof(params->key_size)); + ptr = dh_pack_data(ptr, end, ¶ms->p_size, sizeof(params->p_size)); + ptr = dh_pack_data(ptr, end, ¶ms->q_size, sizeof(params->q_size)); + ptr = dh_pack_data(ptr, end, ¶ms->g_size, sizeof(params->g_size)); + ptr = dh_pack_data(ptr, end, params->key, params->key_size); + ptr = dh_pack_data(ptr, end, params->p, params->p_size); + ptr = dh_pack_data(ptr, end, params->q, params->q_size); + ptr = dh_pack_data(ptr, end, params->g, params->g_size); + if (ptr != end) return -EINVAL; - - ptr = dh_pack_data(ptr, &secret, sizeof(secret)); - ptr = dh_pack_data(ptr, ¶ms->key_size, sizeof(params->key_size)); - ptr = dh_pack_data(ptr, ¶ms->p_size, sizeof(params->p_size)); - ptr = dh_pack_data(ptr, ¶ms->q_size, sizeof(params->q_size)); - ptr = dh_pack_data(ptr, ¶ms->g_size, sizeof(params->g_size)); - ptr = dh_pack_data(ptr, params->key, params->key_size); - ptr = dh_pack_data(ptr, params->p, params->p_size); - ptr = dh_pack_data(ptr, params->q, params->q_size); - dh_pack_data(ptr, params->g, params->g_size); - return 0; } EXPORT_SYMBOL_GPL(crypto_dh_encode_key);