crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
parent
261dbebcde
commit
cd87fb7a86
|
@ -417,6 +417,7 @@ linux (4.9.30-1) UNRELEASED; urgency=medium
|
|||
* sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
|
||||
* ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076
|
||||
CVE-2017-9077)
|
||||
* crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 08 May 2017 21:11:08 +0200
|
||||
|
||||
|
|
78
debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
vendored
Normal file
|
@ -0,0 +1,78 @@
|
|||
From: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
Date: Wed, 10 May 2017 03:48:23 +0800
|
||||
Subject: crypto: skcipher - Add missing API setkey checks
|
||||
Origin: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9211
|
||||
|
||||
The API setkey checks for key sizes and alignment went AWOL during the
|
||||
skcipher conversion. This patch restores them.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Fixes: 4e6c3df4d729 ("crypto: skcipher - Add low-level skcipher...")
|
||||
Reported-by: Baozeng <sploving1@gmail.com>
|
||||
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
---
|
||||
crypto/skcipher.c | 40 +++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 39 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
|
||||
index 014af74..4faa0fd 100644
|
||||
--- a/crypto/skcipher.c
|
||||
+++ b/crypto/skcipher.c
|
||||
@@ -764,6 +764,44 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
|
||||
+ const u8 *key, unsigned int keylen)
|
||||
+{
|
||||
+ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
|
||||
+ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
|
||||
+ u8 *buffer, *alignbuffer;
|
||||
+ unsigned long absize;
|
||||
+ int ret;
|
||||
+
|
||||
+ absize = keylen + alignmask;
|
||||
+ buffer = kmalloc(absize, GFP_ATOMIC);
|
||||
+ if (!buffer)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
|
||||
+ memcpy(alignbuffer, key, keylen);
|
||||
+ ret = cipher->setkey(tfm, alignbuffer, keylen);
|
||||
+ kzfree(buffer);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
||||
+ unsigned int keylen)
|
||||
+{
|
||||
+ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
|
||||
+ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
|
||||
+
|
||||
+ if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
|
||||
+ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+
|
||||
+ if ((unsigned long)key & alignmask)
|
||||
+ return skcipher_setkey_unaligned(tfm, key, keylen);
|
||||
+
|
||||
+ return cipher->setkey(tfm, key, keylen);
|
||||
+}
|
||||
+
|
||||
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
|
||||
{
|
||||
struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
|
||||
@@ -784,7 +822,7 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
|
||||
tfm->__crt_alg->cra_type == &crypto_givcipher_type)
|
||||
return crypto_init_skcipher_ops_ablkcipher(tfm);
|
||||
|
||||
- skcipher->setkey = alg->setkey;
|
||||
+ skcipher->setkey = skcipher_setkey;
|
||||
skcipher->encrypt = alg->encrypt;
|
||||
skcipher->decrypt = alg->decrypt;
|
||||
skcipher->ivsize = alg->ivsize;
|
||||
--
|
||||
2.1.4
|
||||
|
|
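Review bot: `skcipher_setkey_unaligned()` computes `absize = keylen + alignmask` and copies `keylen` bytes with no bound of its own, so it is only safe because `skcipher_setkey()` has already rejected lengths outside `min_keysize`..`max_keysize`; the added code does not write that precondition down. I would add a comment above the helper, `/* Caller must have checked keylen against the algorithm's min/max keysize. */`, and a short one above `skcipher_setkey()` saying it is the wrapper installed as `skcipher->setkey` so the length and alignment checks always run before the algorithm's own `->setkey`. The same comment could note that the bounce buffer holds key material, which is why it is released with `kzfree()` rather than `kfree()`. In the second inner hunk, the early `return crypto_init_skcipher_ops_ablkcipher(tfm);` just above the changed assignment does not go through this wrapper; whether that path enforces equivalent checks is not visible in this patch and is worth confirming. `crypto_skcipher_init_tfm()` starts and ends outside the hunk.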
@ -109,6 +109,7 @@ bugfix/all/dccp-tcp-do-not-inherit-mc_list-from-parent.patch
|
|||
bugfix/all/ipv6-prevent-overrun-when-parsing-v6-header-options.patch
|
||||
bugfix/all/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
|
||||
bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
|
||||
bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
|
||||
|
|