mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-06 08:46:46 +00:00
Asymmetric keys fix for v6.4-rc5
Here is a small fix to make an unconditional copy of the buffer passed to crypto operations, to take into account the case of the stack not in the linear mapping area. It has been tested and verified to fix the bug. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEET37nTLf1dvVbFDawFAq+TsLIwHwFAmR5+m0ACgkQFAq+TsLI wHxEfQv+MJgxUJQT4PLVWjhI2Qi/ARmCaLf7MvJwJz7tjiw+Ph/L1rFDozMpWJD/ aKL0Mo4vEY1m6ibLk694ordpdESBvsY/O2YPmZ1NeGepN0m13R9gRHJ6K/PHAgDP ZkNf98QWY+oE5OcTrfeWmRQTR54Us46Gajmh9jAnzA5kODeDDyIImIPn3ihfcY9L m/PdgP9EhPerVSG6mWqIeJQL+5fuLHixeu0wcdS+11AB9nCARv0Gheo81lQc/W7d NAa4KxHOv9IsOkCTNRX/CsKfGmHKQjy8TMAmcEwoMlxjCHHxwUEb7tHM92IOjVNY EWLlbeCZfzlFQp8RkYGUGmYrial/O7vQyg22UpLNXZsHsf/38L8NyqPRDY7XYM52 oXrMZMTNHd0I6X9sp71V592G983JVqd62VYNpNQxScD35aqSuhreFOM8p0EVsoYD b5npXM0MWwbEZ4T+AHFhNObhp0R+ytZnpC1RTI0gajfdMRP4ZhGfv37ZErNI4yW+ pzyhHUyJ =DveW -----END PGP SIGNATURE----- Merge tag 'asym-keys-fix-for-linus-v6.4-rc5' of https://github.com/robertosassu/linux Pull asymmetric keys fix from Roberto Sassu: "Here is a small fix to make an unconditional copy of the buffer passed to crypto operations, to take into account the case of the stack not in the linear mapping area. It has been tested and verified to fix the bug" Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David Howells <dhowells@redhat.com> * tag 'asym-keys-fix-for-linus-v6.4-rc5' of https://github.com/robertosassu/linux: KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
This commit is contained in:
commit
f8dba31b0a
1 changed files with 21 additions and 17 deletions
|
@ -380,9 +380,10 @@ int public_key_verify_signature(const struct public_key *pkey,
|
|||
struct crypto_wait cwait;
|
||||
struct crypto_akcipher *tfm;
|
||||
struct akcipher_request *req;
|
||||
struct scatterlist src_sg[2];
|
||||
struct scatterlist src_sg;
|
||||
char alg_name[CRYPTO_MAX_ALG_NAME];
|
||||
char *key, *ptr;
|
||||
char *buf, *ptr;
|
||||
size_t buf_len;
|
||||
int ret;
|
||||
|
||||
pr_devel("==>%s()\n", __func__);
|
||||
|
@ -420,34 +421,37 @@ int public_key_verify_signature(const struct public_key *pkey,
|
|||
if (!req)
|
||||
goto error_free_tfm;
|
||||
|
||||
key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
|
||||
GFP_KERNEL);
|
||||
if (!key)
|
||||
buf_len = max_t(size_t, pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
|
||||
sig->s_size + sig->digest_size);
|
||||
|
||||
buf = kmalloc(buf_len, GFP_KERNEL);
|
||||
if (!buf)
|
||||
goto error_free_req;
|
||||
|
||||
memcpy(key, pkey->key, pkey->keylen);
|
||||
ptr = key + pkey->keylen;
|
||||
memcpy(buf, pkey->key, pkey->keylen);
|
||||
ptr = buf + pkey->keylen;
|
||||
ptr = pkey_pack_u32(ptr, pkey->algo);
|
||||
ptr = pkey_pack_u32(ptr, pkey->paramlen);
|
||||
memcpy(ptr, pkey->params, pkey->paramlen);
|
||||
|
||||
if (pkey->key_is_private)
|
||||
ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
|
||||
ret = crypto_akcipher_set_priv_key(tfm, buf, pkey->keylen);
|
||||
else
|
||||
ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
|
||||
ret = crypto_akcipher_set_pub_key(tfm, buf, pkey->keylen);
|
||||
if (ret)
|
||||
goto error_free_key;
|
||||
goto error_free_buf;
|
||||
|
||||
if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
|
||||
ret = cert_sig_digest_update(sig, tfm);
|
||||
if (ret)
|
||||
goto error_free_key;
|
||||
goto error_free_buf;
|
||||
}
|
||||
|
||||
sg_init_table(src_sg, 2);
|
||||
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
|
||||
sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
|
||||
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
|
||||
memcpy(buf, sig->s, sig->s_size);
|
||||
memcpy(buf + sig->s_size, sig->digest, sig->digest_size);
|
||||
|
||||
sg_init_one(&src_sg, buf, sig->s_size + sig->digest_size);
|
||||
akcipher_request_set_crypt(req, &src_sg, NULL, sig->s_size,
|
||||
sig->digest_size);
|
||||
crypto_init_wait(&cwait);
|
||||
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
|
||||
|
@ -455,8 +459,8 @@ int public_key_verify_signature(const struct public_key *pkey,
|
|||
crypto_req_done, &cwait);
|
||||
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
|
||||
|
||||
error_free_key:
|
||||
kfree(key);
|
||||
error_free_buf:
|
||||
kfree(buf);
|
||||
error_free_req:
|
||||
akcipher_request_free(req);
|
||||
error_free_tfm:
|
||||
|
|
Loading…
Reference in a new issue