include · a63785d3294e9d7704db04500400fd8bb4b59a69 · Upstream / linux-stable

crypto: hmac - require that the underlying hash algorithm is unkeyed

Eric Biggers authored 7 years ago

commit af3ff804 upstream.

Because the HMAC template didn't check that its underlying hash
algorithm is unkeyed, trying to use "hmac(hmac(sha3-512-generic))"
through AF_ALG or through KEYCTL_DH_COMPUTE resulted in the inner HMAC
being used without having been keyed, resulting in sha3_update() being
called without sha3_init(), causing a stack buffer overflow.

This is a very old bug, but it seems to have only started causing real
problems when SHA-3 support was added (requires CONFIG_CRYPTO_SHA3)
because the innermost hash's state is ->import()ed from a zeroed buffer,
and it just so happens that other hash algorithms are fine with that,
but SHA-3 is not.  However, there could be arch or hardware-dependent
hash algorithms also affected; I couldn't test everything.

Fix the bug by introducing a function crypto_shash_alg_has_setkey()
which tests whether a shash algorithm is keyed.  Then update the HMAC
templat...

a63785d3

Name	Last commit	Last update
..
acpi	ACPICA: Tables: Fix an issue that FACS initialization is performed twice	9 years ago
asm-generic	fcntl: Don't use ambiguous SIG_POLL si_codes	7 years ago
crypto	crypto: hmac - require that the underlying hash algorithm is unkeyed	7 years ago
drm	drm: Fix an unwanted master inheritance v2	9 years ago
keys	encrypted-keys: add key format support	13 years ago
linux	KEYS: prevent creating a different user's keyrings	7 years ago
math-emu	math-emu: correct test for downshifting fraction in _FP_FROM_INT()	14 years ago
media	tuner: Fix numberspace conflict between xc4000 and pti 5nf05 tuners	13 years ago
misc	[media] altera-stapl: it is time to move out from staging	13 years ago
mtd	mtd: kill old field for `struct mtd_info_user'	13 years ago
net	Bluetooth: hidp: verify l2cap sockets	7 years ago
pcmcia	Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6	13 years ago
rdma	IB/core: Add inline function to validate port	7 years ago
rxrpc	atomic: use <linux/atomic.h>	13 years ago
scsi	scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP	7 years ago
sound	ALSA: seq: Avoid invalid lockdep class warning	7 years ago
target	target: Fix lookup of dynamic NodeACLs during cached demo-mode operation	12 years ago
trace	KVM: Fix stack-out-of-bounds read in write_mmio	7 years ago
video	OMAPDSS: HDMI: PHY burnout fix	13 years ago
xen	xen: Add RING_COPY_REQUEST()	9 years ago
Kbuild	[SCSI] FC Pass Thru support	16 years ago

GitLab

Menu

Download source code

Download this directory