diff options
author | Stefan Agner <stefan.agner@toradex.com> | 2017-12-13 21:31:49 +0100 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-12-21 15:14:59 +0100 |
commit | 688f897ddd96968cf59a2d67afe2a394a0bf8ab3 (patch) | |
tree | e303dd2f94a5c670a318008c891674e116558e6b /crypto/dh_helper.c | |
parent | a898b45a9c18bd9d723f82576a5b32a102808a09 (diff) | |
parent | fb2d2dee504a963efdcb76517b5cdf25444cf535 (diff) |
Merge remote-tracking branch 'linux-fslc/4.9-1.0.x-imx' into toradex_4.9-1.0.x-imx-next
Diffstat (limited to 'crypto/dh_helper.c')
-rw-r--r-- | crypto/dh_helper.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index 02db76b20d00..14539904416e 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -83,6 +83,14 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) if (secret.len != crypto_dh_key_len(params)) return -EINVAL; + /* + * Don't permit the buffer for 'key' or 'g' to be larger than 'p', since + * some drivers assume otherwise. + */ + if (params->key_size > params->p_size || + params->g_size > params->p_size) + return -EINVAL; + /* Don't allocate memory. Set pointers to data within * the given buffer */ @@ -90,6 +98,14 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) params->p = (void *)(ptr + params->key_size); params->g = (void *)(ptr + params->key_size + params->p_size); + /* + * Don't permit 'p' to be 0. It's not a prime number, and it's subject + * to corner cases such as 'mod 0' being undefined or + * crypto_kpp_maxsize() returning 0. + */ + if (memchr_inv(params->p, 0, params->p_size) == NULL) + return -EINVAL; + return 0; } EXPORT_SYMBOL_GPL(crypto_dh_decode_key); |