diff options
| author | Lukas Wunner <lukas@wunner.de> | 2025-02-02 20:00:52 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-07-17 18:37:24 +0200 |
| commit | f2133b849ff273abddb6da622daddd8f6f6fa448 (patch) | |
| tree | 27dee2d64ef081eb6c2e573cb031d4ff87c551cf /crypto | |
| parent | 59923d508bd28163b7f318faf470af5477566687 (diff) | |
| download | linux-f2133b849ff273abddb6da622daddd8f6f6fa448.tar.gz linux-f2133b849ff273abddb6da622daddd8f6f6fa448.tar.bz2 linux-f2133b849ff273abddb6da622daddd8f6f6fa448.zip | |
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
commit b16510a530d1e6ab9683f04f8fb34f2e0f538275 upstream.
Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa
implementation's ->key_size() callback returns an unusually large value.
Herbert instead suggests (for a division by 8):
X / 8 + !!(X & 7)
Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and
use it in lieu of DIV_ROUND_UP() for ->key_size() return values.
Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes"
parameter is a ->key_size() return value in some instances, or a
user-specified ASN.1 length in the case of ecdsa_get_signature_rs().
Link: https://lore.kernel.org/r/Z3iElsILmoSu6FuC@gondor.apana.org.au/
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/ecc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ecc.c b/crypto/ecc.c index 50ad2d4ed672..6cf9a945fc6c 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -71,7 +71,7 @@ EXPORT_SYMBOL(ecc_get_curve); void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes, u64 *out, unsigned int ndigits) { - int diff = ndigits - DIV_ROUND_UP(nbytes, sizeof(u64)); + int diff = ndigits - DIV_ROUND_UP_POW2(nbytes, sizeof(u64)); unsigned int o = nbytes & 7; __be64 msd = 0; |