diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-08 12:05:11 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-08 12:05:11 -0800 |
| commit | ea1c87c156d94dd78b4f5267ec40c403b2da7e14 (patch) | |
| tree | 84a8227bbcc316a022f3d58d09ac1a165b0c76e2 | |
| parent | ef0ba05538299f1391cbe097de36895bb36ecfe6 (diff) | |
| parent | 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5 (diff) | |
| download | linux-ea1c87c156d94dd78b4f5267ec40c403b2da7e14.tar.bz2 | |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
"This fixes a functional bug in arm/chacha-neon as well as a potential
buffer overflow in ecdh"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
crypto: arm/chacha-neon - add missing counter increment
| -rw-r--r-- | arch/arm/crypto/chacha-glue.c | 1 | ||||
| -rw-r--r-- | crypto/ecdh.c | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/arch/arm/crypto/chacha-glue.c b/arch/arm/crypto/chacha-glue.c index 7b5cf8430c6d..cdde8fd01f8f 100644 --- a/arch/arm/crypto/chacha-glue.c +++ b/arch/arm/crypto/chacha-glue.c @@ -60,6 +60,7 @@ static void chacha_doneon(u32 *state, u8 *dst, const u8 *src, chacha_block_xor_neon(state, d, s, nrounds); if (d != dst) memcpy(dst, buf, bytes); + state[12]++; } } diff --git a/crypto/ecdh.c b/crypto/ecdh.c index d56b8603dec9..96f80c8f8e30 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -39,7 +39,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, struct ecdh params; unsigned int ndigits; - if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0) + if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0 || + params.key_size > sizeof(ctx->private_key)) return -EINVAL; ndigits = ecdh_supported_curve(params.curve_id); |