| Message ID | 20240401121623.110263-1-r.smirnov@omp.ru (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: ecc: remove checks in crypto_ecdh_shared_secret() and ecc_make_pub_key() | expand |
On Mon, Apr 01, 2024 at 03:16:23PM +0300, Roman Smirnov wrote: > With the current state of the code, ecc_get_curve() cannot return > NULL in crypto_ecdh_shared_secret() and ecc_make_pub_key(). This is > conditioned by the fact that they are only called from ecdh_compute_value(), > which implements the kpp_alg::{generate_public_key,compute_shared_secret}() > methods. Also ecdh implements the kpp_alg::init() method, which is called > before the other methods and sets ecdh_ctx::curve_id to a valid value. > > Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> > Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru> > --- > crypto/ecc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Patch applied. Thanks.
diff --git a/crypto/ecc.c b/crypto/ecc.c index f53fb4d6af99..5028f7b9d7c7 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -1515,7 +1515,7 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, u64 priv[ECC_MAX_DIGITS]; const struct ecc_curve *curve = ecc_get_curve(curve_id); - if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) { + if (!private_key || ndigits > ARRAY_SIZE(priv)) { ret = -EINVAL; goto out; } @@ -1617,7 +1617,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, unsigned int nbytes; const struct ecc_curve *curve = ecc_get_curve(curve_id); - if (!private_key || !public_key || !curve || + if (!private_key || !public_key || ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) { ret = -EINVAL; goto out;
With the current state of the code, ecc_get_curve() cannot return NULL in crypto_ecdh_shared_secret() and ecc_make_pub_key(). This is conditioned by the fact that they are only called from ecdh_compute_value(), which implements the kpp_alg::{generate_public_key,compute_shared_secret}() methods. Also ecdh implements the kpp_alg::init() method, which is called before the other methods and sets ecdh_ctx::curve_id to a valid value. Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru> --- crypto/ecc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)