From: Kees Cook <keescook@chromium.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] Revert "crypto/ecc: Remove stack VLA usage"
Date: Mon, 26 Mar 2018 16:03:08 -0700 [thread overview]
Message-ID: <20180326230308.GA27259@beast> (raw)
This reverts commit 14de52112ee70ca289fa77bf2d9cbc79fd2c811f.
The solution was incomplete and inefficient. This will be fixed
correctly in the next patch.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
crypto/ecc.c | 23 ++++++-----------------
1 file changed, 6 insertions(+), 17 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 9c066b5ac12d..18f32f2a5e1c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1025,7 +1025,9 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
{
int ret = 0;
struct ecc_point *product, *pk;
- u64 *priv, *rand_z;
+ u64 priv[ndigits];
+ u64 rand_z[ndigits];
+ unsigned int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id);
if (!private_key || !public_key || !curve) {
@@ -1033,22 +1035,14 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
goto out;
}
- priv = kmalloc_array(ndigits, sizeof(*priv), GFP_KERNEL);
- if (!priv) {
- ret = -ENOMEM;
- goto out;
- }
+ nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
- rand_z = kmalloc_array(ndigits, sizeof(*rand_z), GFP_KERNEL);
- if (!rand_z) {
- ret = -ENOMEM;
- goto kfree_out;
- }
+ get_random_bytes(rand_z, nbytes);
pk = ecc_alloc_point(ndigits);
if (!pk) {
ret = -ENOMEM;
- goto kfree_out;
+ goto out;
}
product = ecc_alloc_point(ndigits);
@@ -1057,8 +1051,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
goto err_alloc_product;
}
- get_random_bytes(rand_z, ndigits << ECC_DIGITS_TO_BYTES_SHIFT);
-
ecc_swap_digits(public_key, pk->x, ndigits);
ecc_swap_digits(&public_key[ndigits], pk->y, ndigits);
ecc_swap_digits(private_key, priv, ndigits);
@@ -1073,9 +1065,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
ecc_free_point(product);
err_alloc_product:
ecc_free_point(pk);
-kfree_out:
- kzfree(priv);
- kzfree(rand_z);
out:
return ret;
}
--
2.7.4
--
Kees Cook
Pixel Security
next reply other threads:[~2018-03-26 23:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-26 23:03 Kees Cook [this message]
2018-03-30 16:39 ` [PATCH] Revert "crypto/ecc: Remove stack VLA usage" Herbert Xu
2018-03-30 16:49 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180326230308.GA27259@beast \
--to=keescook@chromium.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox