diff options
author | Eric Biggers <ebiggers@google.com> | 2017-11-05 18:30:46 -0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2017-11-10 19:20:17 +0800 |
commit | 246c7e6f3567aba7edb45a90cc662382c4d0acca (patch) | |
tree | 5b905c57363feb73cb52b1e0fe8ca92760bd84a1 /crypto/rmd160.c | |
parent | 50f1c397040be62b563445de89dc1c563ce95c90 (diff) | |
download | linux-crypto-246c7e6f3567aba7edb45a90cc662382c4d0acca.tar.gz linux-crypto-246c7e6f3567aba7edb45a90cc662382c4d0acca.zip |
crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
The "qat-dh" DH implementation assumes that 'key' and 'g' can be copied
into a buffer with size 'p_size'. However it was never checked that
that was actually the case, which most likely allowed users to cause a
buffer underflow via KEYCTL_DH_COMPUTE.
Fix this by updating crypto_dh_decode_key() to verify this precondition
for all DH implementations.
Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions