[linux] 01/02: crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Thu Jun 1 07:08:45 UTC 2017 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch sid
in repository linux.

commit cd87fb7a86f1098194adbe71d70faceec905a52a
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Thu Jun 1 08:28:54 2017 +0200

    crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
---
 debian/changelog                                   |  1 +
 ...to-skcipher-Add-missing-api-setkey-checks.patch | 78 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 80 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 501a3c4..cc7b9bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -417,6 +417,7 @@ linux (4.9.30-1) UNRELEASED; urgency=medium
   * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
   * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076
     CVE-2017-9077)
+  * crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Mon, 08 May 2017 21:11:08 +0200
 
diff --git a/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch b/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
new file mode 100644
index 0000000..348bb5f
--- /dev/null
+++ b/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
@@ -0,0 +1,78 @@
+From: Herbert Xu <herbert at gondor.apana.org.au>
+Date: Wed, 10 May 2017 03:48:23 +0800
+Subject: crypto: skcipher - Add missing API setkey checks
+Origin: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9211
+
+The API setkey checks for key sizes and alignment went AWOL during the
+skcipher conversion.  This patch restores them.
+
+Cc: <stable at vger.kernel.org>
+Fixes: 4e6c3df4d729 ("crypto: skcipher - Add low-level skcipher...")
+Reported-by: Baozeng <sploving1 at gmail.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ crypto/skcipher.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/skcipher.c b/crypto/skcipher.c
+index 014af74..4faa0fd 100644
+--- a/crypto/skcipher.c
++++ b/crypto/skcipher.c
+@@ -764,6 +764,44 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
+ 	return 0;
+ }
+ 
++static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
++				     const u8 *key, unsigned int keylen)
++{
++	unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++	struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++	u8 *buffer, *alignbuffer;
++	unsigned long absize;
++	int ret;
++
++	absize = keylen + alignmask;
++	buffer = kmalloc(absize, GFP_ATOMIC);
++	if (!buffer)
++		return -ENOMEM;
++
++	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
++	memcpy(alignbuffer, key, keylen);
++	ret = cipher->setkey(tfm, alignbuffer, keylen);
++	kzfree(buffer);
++	return ret;
++}
++
++static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
++			   unsigned int keylen)
++{
++	struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++	unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++
++	if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
++		crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
++		return -EINVAL;
++	}
++
++	if ((unsigned long)key & alignmask)
++		return skcipher_setkey_unaligned(tfm, key, keylen);
++
++	return cipher->setkey(tfm, key, keylen);
++}
++
+ static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
+ {
+ 	struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
+@@ -784,7 +822,7 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
+ 	    tfm->__crt_alg->cra_type == &crypto_givcipher_type)
+ 		return crypto_init_skcipher_ops_ablkcipher(tfm);
+ 
+-	skcipher->setkey = alg->setkey;
++	skcipher->setkey = skcipher_setkey;
+ 	skcipher->encrypt = alg->encrypt;
+ 	skcipher->decrypt = alg->decrypt;
+ 	skcipher->ivsize = alg->ivsize;
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 0ea503a..3a3e27b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -109,6 +109,7 @@ bugfix/all/dccp-tcp-do-not-inherit-mc_list-from-parent.patch
 bugfix/all/ipv6-prevent-overrun-when-parsing-v6-header-options.patch
 bugfix/all/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
 bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
+bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
 
 # Fix exported symbol versions
 bugfix/ia64/revert-ia64-move-exports-to-definitions.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list