Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 12 Oct 2020 15:53:06 +0000
From: kiyin(尹亮) <kiyin@...cent.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: Anthony Liguori <aliguori@...zon.com>, Solar Designer <solar@...nwall.com>
Subject: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey

There are four security bugs in Broadcom SPU driver. The patch was public in https://www.spinics.net/lists/linux-crypto/msg50839.html. CVE ID request is in progress.

Here is the patch detail:



The setkey function for GCM/CCM algorithms didn't verify the key

length before copying the key and subtracting the salt length.



This patch delays the copying of the key til after the verification

has been done.  It also adds checks on the key length to ensure

that it's at least as long as the salt.



Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver")

Cc: <stable@...xxxxxxxxxxxx>

Reported-by: kiyin(尹亮) <kiyin@...xxxxxxxx>

Signed-off-by: Herbert Xu <herbert@...xxxxxxxxxxxxxxxx>



diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c

index 5d38b87b9d77..50d169e61b41 100644

--- a/drivers/crypto/bcm/cipher.c

+++ b/drivers/crypto/bcm/cipher.c

@@ -2867,7 +2867,6 @@ static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,



        ctx->enckeylen = keylen;

        ctx->authkeylen = 0;

-       memcpy(ctx->enckey, key, ctx->enckeylen);



        switch (ctx->enckeylen) {

        case AES_KEYSIZE_128:

@@ -2883,6 +2882,8 @@ static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,

               goto badkey;

        }



+       memcpy(ctx->enckey, key, ctx->enckeylen);

+

        flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,

                ctx->authkeylen);

        flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);

@@ -2937,6 +2938,10 @@ static int aead_gcm_esp_setkey(struct crypto_aead *cipher,

        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);



        flow_log("%s\n", __func__);

+

+       if (keylen < GCM_ESP_SALT_SIZE)

+               return -EINVAL;

+

        ctx->salt_len = GCM_ESP_SALT_SIZE;

        ctx->salt_offset = GCM_ESP_SALT_OFFSET;

        memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);

@@ -2965,6 +2970,10 @@ static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,

        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);



        flow_log("%s\n", __func__);

+

+       if (keylen < GCM_ESP_SALT_SIZE)

+              return -EINVAL;

+

        ctx->salt_len = GCM_ESP_SALT_SIZE;

        ctx->salt_offset = GCM_ESP_SALT_OFFSET;

        memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);

@@ -2994,6 +3003,10 @@ static int aead_ccm_esp_setkey(struct crypto_aead *cipher,

        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);



        flow_log("%s\n", __func__);

+

+       if (keylen < CCM_ESP_SALT_SIZE)

+              return -EINVAL;

+

        ctx->salt_len = CCM_ESP_SALT_SIZE;

        ctx->salt_offset = CCM_ESP_SALT_OFFSET;

        memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);

--

Email: Herbert Xu <herbert@...xxxxxxxxxxxxxxxx>

Home Page: http://gondor.apana.org.au/~herbert/

PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.