ACK: [SRU][X/master][pull-req] CVE-2018-5383: Bluetooth info leak
Connor Kuehl
connor.kuehl at canonical.com
Mon Jul 22 18:20:51 UTC 2019
On 7/17/19 7:21 AM, Paolo Pisati wrote:
> Bluetooth firmware or operating system software drivers may not sufficiently
> validate elliptic curve parameters used to generate public keys during a
> Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
> encryption key used by the device.
>
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html
>
> According to Intel, linux-4.4.y is affected, but backporting the upstream fix
> was not feasible (net/bluetooth/ecc.c, that is shipped in 4.4, has a different
> provenance than crypto/ecc.c, that is the recent upstream implementation).
> Linux 4.12+ completely removed net/bluetooth/ecc.c and replaced it with the
> crypto module ecdh (the one that received the cve fix upstream), and this is a
> backport of that crypto module (plus all the necessary commits to make the
> backport apply cleanly), and the actual cve fix.
>
> The result is a clean cherry-pick from upstream (with some mechanical
> modification), tested on a Xenial amd64 box, successfully connecting it via
> bluetooth to several devices (audio, hid, mobile) and exchanging different data
> streams (audio, files, etc).
>
> The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b:
>
> UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000)
>
> are available in the git repository at:
>
> git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3
>
> for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3:
>
> crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000)
>
> ----------------------------------------------------------------
> Paolo Pisati (1):
> UBUNTU: [Config] CRYPTO_ECDH=m
>
> Pierre (1):
> crypto: ecc - Fix NULL pointer deref. on no default_rng
>
> Salvatore Benedetto (4):
> crypto: kpp - Key-agreement Protocol Primitives API (KPP)
> crypto: dh - Add DH software implementation
> crypto: ecdh - Add ECDH software support
> Bluetooth: convert smp and selftest to crypto kpp API
>
> Stephan Mueller (2):
> crypto: doc - add KPP documentation
> crypto: ecdh - add public key verification test
>
> Stephen Rothwell (1):
> crypto: ecdh - make ecdh_shared_secret unique
>
> Tudor-Dan Ambarus (5):
> crypto: kpp, (ec)dh - fix typos
> crypto: ecc - remove unused function arguments
> crypto: ecc - remove unnecessary casts
> crypto: ecc - rename ecdh_make_pub_key()
> crypto: ecdh - add privkey generation support
>
> Documentation/crypto/api-kpp.rst | 92 +++
> crypto/Kconfig | 24 +
> crypto/Makefile | 10 +
> crypto/crypto_user.c | 20 +
> crypto/dh.c | 189 +++++
> crypto/dh_helper.c | 95 +++
> crypto/ecc.c | 1104 +++++++++++++++++++++++++++++
> crypto/ecc.h | 92 +++
> crypto/ecc_curve_defs.h | 71 ++
> crypto/ecdh.c | 153 ++++
> crypto/ecdh_helper.c | 86 +++
> crypto/kpp.c | 123 ++++
> crypto/testmgr.c | 154 ++++
> crypto/testmgr.h | 323 +++++++++
> debian.master/config/config.common.ubuntu | 3 +
> include/crypto/dh.h | 87 +++
> include/crypto/ecdh.h | 88 +++
> include/crypto/internal/kpp.h | 64 ++
> include/crypto/kpp.h | 339 +++++++++
> include/linux/crypto.h | 1 +
> include/uapi/linux/cryptouser.h | 5 +
> net/bluetooth/Kconfig | 1 +
> net/bluetooth/Makefile | 2 +-
> net/bluetooth/ecc.c | 816 ---------------------
> net/bluetooth/ecc.h | 54 --
> net/bluetooth/ecdh_helper.c | 223 ++++++
> net/bluetooth/ecdh_helper.h | 27 +
> net/bluetooth/selftest.c | 6 +-
> net/bluetooth/smp.c | 8 +-
> 29 files changed, 3382 insertions(+), 878 deletions(-)
> create mode 100644 Documentation/crypto/api-kpp.rst
> create mode 100644 crypto/dh.c
> create mode 100644 crypto/dh_helper.c
> create mode 100644 crypto/ecc.c
> create mode 100644 crypto/ecc.h
> create mode 100644 crypto/ecc_curve_defs.h
> create mode 100644 crypto/ecdh.c
> create mode 100644 crypto/ecdh_helper.c
> create mode 100644 crypto/kpp.c
> create mode 100644 include/crypto/dh.h
> create mode 100644 include/crypto/ecdh.h
> create mode 100644 include/crypto/internal/kpp.h
> create mode 100644 include/crypto/kpp.h
> delete mode 100644 net/bluetooth/ecc.c
> delete mode 100644 net/bluetooth/ecc.h
> create mode 100644 net/bluetooth/ecdh_helper.c
> create mode 100644 net/bluetooth/ecdh_helper.h
>
Acked-by: Connor Kuehl <connor.kuehl at canonical.com>
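
Added example, not part of the original thread and not the kernel's code: a sketch of the peer public key validation whose absence the CVE description above refers to. It assumes the NIST P-256 curve used by Bluetooth LE Secure Connections pairing and a 64-byte X||Y little-endian key encoding; the function names are hypothetical.

```python
# NIST P-256 domain parameters (FIPS 186-4); the curve is y^2 = x^3 - 3x + b mod p.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point, used here only as a known-good sample public key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def check_public_key(x: int, y: int) -> str:
    """Return "ok", or the reason a peer's ECDH public key must be rejected."""
    # The all-zero encoding stands for the point at infinity: never a valid key.
    if x == 0 and y == 0:
        return "point at infinity"
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return "coordinate out of range"
    # Both coordinates together must satisfy the curve equation. Checking
    # only one of them, or skipping this step, is insufficient validation.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "not on curve"
    # P-256 has cofactor 1, so an on-curve point needs no subgroup check.
    return "ok"


def check_raw_public_key(raw: bytes) -> str:
    """Validate a 64-byte X||Y key (little-endian coordinates: an assumption)."""
    if len(raw) != 64:
        return "bad length"
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    return check_public_key(x, y)


if __name__ == "__main__":
    good = GX.to_bytes(32, "little") + GY.to_bytes(32, "little")
    # Constructed invalid sample: same X, Y changed so the point leaves the curve.
    bad = GX.to_bytes(32, "little") + (GY + 1).to_bytes(32, "little")
    print(check_raw_public_key(good), "/", check_raw_public_key(bad))
```

The check has to run on every received public key before it is fed into the shared-secret computation, and a failure should abort pairing.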