X-Mailing-List: linux-crypto@vger.kernel.org
Date: Mon, 29 Apr 2024 13:14:15 +0300
Cc: "Stefan Berger"
Subject: Re: [PATCH] crypto: ecc - Protect ecc_digits_from_bytes from reading too many bytes
From: "Jarkko Sakkinen"
To: "Lukas Wunner"
References: <20240426225553.3038070-1-stefanb@linux.ibm.com>

On Mon Apr 29, 2024 at 6:30 AM EEST, Lukas Wunner wrote:
> On Mon, Apr 29, 2024 at 01:12:00AM +0300, Jarkko Sakkinen wrote:
> > On Sat Apr 27, 2024 at 1:55 AM EEST, Stefan Berger wrote:
> > > Protect ecc_digits_from_bytes from reading too many bytes from the input
> > > byte array in case an insufficient number of bytes is provided to fill the
> > > output digit array of ndigits. Therefore, initialize the most significant
> > > digits with 0 to avoid trying to read too many bytes later on.
> > >
> > > If too many bytes are provided on the input byte array the extra bytes
> > > are ignored since the input variable 'ndigits' limits the number of digits
> > > that will be filled.
> > >
> > > Fixes: d67c96fb97b5 ("crypto: ecdsa - Convert byte arrays with key coordinates to digits")
> > > Signed-off-by: Stefan Berger
> > > --- > > > include/crypto/internal/ecc.h | 7 +++++++ > > > 1 file changed, 7 insertions(+) > > > > > > diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/= ecc.h > > > index 7ca1f463d1ec..56215f14ff96 100644 > > > --- a/include/crypto/internal/ecc.h > > > +++ b/include/crypto/internal/ecc.h
> > > @@ -67,9 +67,16 @@ static inline void ecc_swap_digits(const void *in,= u64 *out, unsigned int ndigit > > > static inline void ecc_digits_from_bytes(const u8 *in, unsigned int = nbytes, > > > u64 *out, unsigned int ndigits) > > > { > > > + int diff =3D ndigits - DIV_ROUND_UP(nbytes, sizeof(u64)); > > > unsigned int o =3D nbytes & 7; > > > __be64 msd =3D 0; > > > =20 > > > + /* diff > 0: not enough input bytes: set most significant digits to= 0 */ > > > + while (diff > 0) { > > > + out[--ndigits] =3D 0; > > > + diff--; > > > + }
> >
> > Could be just trivial for-loop:
> >
> > for (i = 0; i < diff; i++)
> > 	out[--ndigits] = 0;
> >
> > Or also simpler while-loop could work:
> >
> > while (diff-- > 0)
> > 	out[--ndigits] = 0;
>
> Or just use memset(), which uses optimized instructions on many arches.

Yeah, sure, that would be even better, or even memzero_explicit()?

BR, Jarkko
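
Review bot: In the first added line of ecc_digits_from_bytes(), `int diff = ndigits - DIV_ROUND_UP(nbytes, sizeof(u64));` performs the subtraction in unsigned arithmetic (ndigits is unsigned int and sizeof(u64) makes the right-hand side unsigned too), so the case where the input already covers all digits only yields a negative diff through wrap-around followed by the narrowing conversion to int. Computing the number of digits the input can fill once, as an unsigned value, and comparing it with ndigits directly avoids relying on that conversion; the zero-fill of the most significant digits then becomes a single memset() from the first unfilled digit up to ndigits, with ndigits lowered to the filled count afterwards, instead of a countdown loop. Plain memset() is sufficient for this because out[] is read by the caller afterwards; memzero_explicit() is meant for wipes the compiler could otherwise discard. The added comment documents only diff > 0, so it would help to state there that diff <= 0 is deliberately left untouched.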