Petr Tesarik 540857
From: Stephan Müller <smueller@chronox.de>
Date: Mon, 20 Jul 2020 19:07:48 +0200
Subject: crypto: ecdh - check validity of Z before export
Git-commit: e7d2b41e5c773c1e00f0f30519b9790ba7e4a58c
Patch-mainline: v5.9-rc1
References: bsc#1175718

SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the
calculated shared secret is verified before the data is returned to the
caller. Thus, the export function and the validity check functions are
reversed. In addition, the sensitive variables of priv and rand_z are
zeroized.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
 crypto/ecc.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1495,11 +1495,16 @@ int crypto_ecdh_shared_secret(unsigned i
 
 	ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
 
-	ecc_swap_digits(product->x, secret, ndigits);
-
-	if (ecc_point_is_zero(product))
+	if (ecc_point_is_zero(product)) {
 		ret = -EFAULT;
+		goto err_validity;
+	}
+
+	ecc_swap_digits(product->x, secret, ndigits);
 
+err_validity:
+	memzero_explicit(priv, sizeof(priv));
+	memzero_explicit(rand_z, sizeof(rand_z));
 	ecc_free_point(product);
 err_alloc_product:
 	ecc_free_point(pk);
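
Review bot: the two memzero_explicit() calls are placed under err_validity:, above err_alloc_product:, so any earlier failure that jumps straight to err_alloc_product skips the wipe of priv and rand_z. If either buffer is already filled before that jump, move the zeroization below err_alloc_product: or to the common exit so every return path clears them. Separately, sizeof(priv) and sizeof(rand_z) only cover the full buffers if both are local arrays rather than pointers; the declarations are outside this hunk, so that is worth confirming, and a short comment above the is_zero check citing SP800-56A rev3 5.7.1.2 step 2 would keep a later cleanup from swapping the order back.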