Eric Biggers wrote:
> From: Eric Biggers
>
> In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
> enabled, we would read one byte past the end of the buffer while
> scanning the leading zeroes. Fix it by checking 'n_sz' before '!*ptr'.
>
> This bug was reachable by adding a spe
On Tue, Nov 28, 2017 at 10:54:32AM +, David Howells wrote:
> Hi Herbert,
>
> Are you going to take this?
Yes it's in my queue.
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Eric Biggers wrote:
> In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
> enabled, we would read one byte past the end of the buffer while
> scanning the leading zeroes. Fix it by checking 'n_sz' before '!*ptr'.
Reviewed-by: David Howells
Hi Herbert,
Are you going to take this?
David
On Sun, 26 Nov 2017, Eric Biggers wrote:
> Fixes: 5a7de97309f5 ("crypto: rsa - return raw integers for the ASN.1 parser")
> Cc: # v4.8+
> Cc: Tudor Ambarus
> Signed-off-by: Eric Biggers
> ---
> crypto/rsa_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto
From: Eric Biggers
In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
enabled, we would read one byte past the end of the buffer while
scanning the leading zeroes. Fix it by checking 'n_sz' before '!*ptr'.
This bug was reachable by adding a specially crafted key of type
"asymmet
