kernel/linux.git/crypto/ecc.c, branch v6.6.131Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.1312025-07-17T16:35:22+00:00crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()2025-07-17T16:35:22+00:00Lukas Wunnerlukas@wunner.de2025-02-02T19:00:52+00:00urn:sha1:f02f0218be412cff1c844addf58e002071be298b
commit b16510a530d1e6ab9683f04f8fb34f2e0f538275 upstream.
Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa
implementation's ->key_size() callback returns an unusually large value.
Herbert instead suggests (for a division by 8):
X / 8 + !!(X & 7)
Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and
use it in lieu of DIV_ROUND_UP() for ->key_size() return values.
Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes"
parameter is a ->key_size() return value in some instances, or a
user-specified ASN.1 length in the case of ecdsa_get_signature_rs().
Link: https://lore.kernel.org/r/Z3iElsILmoSu6FuC@gondor.apana.org.au/
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes2025-01-09T12:31:52+00:00Stefan Bergerstefanb@linux.ibm.com2024-05-10T01:59:21+00:00urn:sha1:55779f26eab9af12474a447001bd17070f055712
[ Upstream commit c6ab5c915da460c0397960af3c308386c3f3247b ]
Prevent ecc_digits_from_bytes from reading too many bytes from the input
byte array in case an insufficient number of bytes is provided to fill the
output digit array of ndigits. Therefore, initialize the most significant
digits with 0 to avoid trying to read too many bytes later on. Convert the
function into a regular function since it is getting too big for an inline
function.
If too many bytes are provided on the input byte array the extra bytes
are ignored since the input variable 'ndigits' limits the number of digits
that will be filled.
Fixes: d67c96fb97b5 ("crypto: ecdsa - Convert byte arrays with key coordinates to digits")
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: ecc - Silence sparse warning2023-02-14T05:39:33+00:00Herbert Xuherbert@gondor.apana.org.au2023-02-06T04:53:38+00:00urn:sha1:5072b1c211107fca80b75f0ac0ca6f90e3385837
Rewrite the bitwise operations to silence the sparse warnings:
CHECK ../crypto/ecc.c
../crypto/ecc.c:1387:39: warning: dubious: !x | y
../crypto/ecc.c:1397:47: warning: dubious: !x | y
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ecc - Export additional helper functions2021-10-29T13:04:03+00:00Daniele Alessandrellidaniele.alessandrelli@intel.com2021-10-20T10:35:36+00:00urn:sha1:eaffe377e168d25c52091cf31f5a7a6511897857
Export the following additional ECC helper functions:
- ecc_alloc_point()
- ecc_free_point()
- vli_num_bits()
- ecc_point_is_zero()
This is done to allow future ECC device drivers to re-use existing code,
thus simplifying their implementation.
Functions are exported using EXPORT_SYMBOL() (instead of
EXPORT_SYMBOL_GPL()) to be consistent with the functions already
exported by crypto/ecc.c.
Exported functions are documented in include/crypto/internal/ecc.h.
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ecc - Move ecc.h to include/crypto/internal2021-10-29T13:04:03+00:00Daniele Alessandrellidaniele.alessandrelli@intel.com2021-10-20T10:35:35+00:00urn:sha1:a745d3ace3fd65ada44d61dafa64a2a69679ac35
Move ecc.h header file to 'include/crypto/internal' so that it can be
easily imported from everywhere in the kernel tree.
This change is done to allow crypto device drivers to re-use the symbols
exported by 'crypto/ecc.c', thus avoiding code duplication.
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ecc - Correct an error in the comments2021-03-26T09:15:56+00:00Meng Yuyumeng18@huawei.com2021-03-19T09:13:34+00:00urn:sha1:0193b32f565e14ef07ced5d6bf8986490ec8e0f1
Remove repeated word 'bit' in comments.
Signed-off-by: Meng Yu <yumeng18@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Merge branch 'ecc'2021-03-26T08:55:55+00:00Herbert Xuherbert@gondor.apana.org.au2021-03-26T08:55:55+00:00urn:sha1:3877869d13a043a2dbab0d034e5eac3b21f4994d
This pulls in the NIST P384/256/192 x509 changes.
crypto: ecc - Add math to support fast NIST P3842021-03-26T08:41:58+00:00Saulo Alessandresaulo.alessandre@tse.jus.br2021-03-16T21:07:34+00:00urn:sha1:149ca1611d92411b812756475cf471a081dcadad
Add the math needed for NIST P384 and adapt certain functions'
parameters so that the ecc_curve is passed to vli_mmod_fast. This
allows to identify the curve by its name prefix and the appropriate
function for fast mmod calculation can be used.
Summary of changes:
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre <saulo.alessandre@tse.jus.br>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ecc - Add NIST P384 curve parameters2021-03-26T08:41:58+00:00Saulo Alessandresaulo.alessandre@tse.jus.br2021-03-16T21:07:33+00:00urn:sha1:703c748d5f2c4f6d2b494405130d61b8275189cf
Add the parameters for the NIST P384 curve and define a new curve ID
for it. Make the curve available in ecc_get_curve.
Summary of changes:
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
* crypto/ecc.c
- change ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre <saulo.alessandre@tse.jus.br>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ecdsa - Add support for ECDSA signature verification2021-03-26T08:41:58+00:00Stefan Bergerstefanb@linux.ibm.com2021-03-16T21:07:32+00:00urn:sha1:4e6602916bc692ee31ac5b8bd8195fb078556844
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard algorithm. Only signature verification
is implemented.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>