From: =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>
Date: Mon, 20 Jul 2020 19:07:48 +0200
Subject: crypto: ecdh - check validity of Z before export
Git-commit: e7d2b41e5c773c1e00f0f30519b9790ba7e4a58c
Patch-mainline: v5.9-rc1
References: bsc#1175718
SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the
calculated shared secret is verified before the data is returned to the
caller. Thus, the export function and the validity check functions are
reversed. In addition, the sensitive variables of priv and rand_z are
zeroized.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
crypto/ecc.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1495,11 +1495,16 @@ int crypto_ecdh_shared_secret(unsigned i
|
ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
|
- ecc_swap_digits(product->x, secret, ndigits);
-
- if (ecc_point_is_zero(product))
+ if (ecc_point_is_zero(product)) {
ret = -EFAULT;
+ goto err_validity;
+ }
+
+ ecc_swap_digits(product->x, secret, ndigits);
|
+err_validity:
+ memzero_explicit(priv, sizeof(priv));
+ memzero_explicit(rand_z, sizeof(rand_z));
ecc_free_point(product);
err_alloc_product:
ecc_free_point(pk);
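Review bot: The two `memzero_explicit()` calls sit under `err_validity:`, above `err_alloc_product:`, so any exit that jumps straight to `err_alloc_product` or to a later label leaves `priv` and `rand_z` on the stack unwiped. Whether those buffers already hold key material on such paths depends on code before the hunk, which is not visible here; if the private key is copied into `priv` before `product` is allocated, an allocation failure would skip the wipe. Moving both calls to the function's common exit, below the last cleanup label, would cover every path once the buffers can be populated. Separately, `sizeof(priv)` and `sizeof(rand_z)` clear the whole buffer only if both are arrays declared in this function rather than pointers; the declarations lie outside the hunk, so that is worth confirming, and a comment such as `/* priv and rand_z are local arrays; sizeof covers the full buffer */` would record it.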