linux/security/keys
Eric Biggers 3619dec510 dh key: fix rounding up KDF output length
Commit 383203eff7 ("dh key: get rid of stack allocated array") changed
kdf_ctr() to assume that the length of key material to derive is a
multiple of the digest size.  The length was supposed to be rounded up
accordingly.  However, the round_up() macro was used which only gives
the correct result on power-of-2 arguments, whereas not all hash
algorithms have power-of-2 digest sizes.  In some cases this resulted in
a write past the end of the 'outbuf' buffer.

Fix it by switching to roundup(), which works for non-power-of-2 inputs.

Reported-by: syzbot+486f97f892efeb2075a3@syzkaller.appspotmail.com
Reported-by: syzbot+29d17b7898b41ee120a5@syzkaller.appspotmail.com
Reported-by: syzbot+8a608baf8751184ec727@syzkaller.appspotmail.com
Reported-by: syzbot+d04e58bd384f1fe0b112@syzkaller.appspotmail.com
Fixes: 383203eff7 ("dh key: get rid of stack allocated array")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: James Morris <james.morris@microsoft.com>
2018-06-26 09:43:05 -07:00
..
encrypted-keys
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat_dh.c
compat.c
dh.c dh key: fix rounding up KDF output length 2018-06-26 09:43:05 -07:00
gc.c
internal.h
Kconfig
key.c
keyctl.c
keyring.c
Makefile
permission.c
persistent.c
proc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
process_keys.c
request_key_auth.c
request_key.c
sysctl.c
trusted.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
trusted.h
user_defined.c