linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00

History

zhenwei pi cfdd25cd42 crypto: public_key: fix overflow during implicit conversion commit `f985911b7b` upstream. Hit kernel warning like this, it can be reproduced by verifying 256 bytes datafile by keyctl command, run script: RAWDATA=rawdata SIGDATA=sigdata modprobe pkcs8_key_parser rm -rf .der .pem *.pfx rm -rf $RAWDATA dd if=/dev/random of=$RAWDATA bs=256 count=1 openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \ -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com" KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER \| keyctl \ padd asymmetric 123 @s` keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1 Then the kernel reports: WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 pkcs1pad_verify+0x160/0x190 ... Call Trace: public_key_verify_signature+0x282/0x380 ? software_key_query+0x12d/0x180 ? keyctl_pkey_params_get+0xd6/0x130 asymmetric_key_verify_signature+0x66/0x80 keyctl_pkey_verify+0xa5/0x100 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The reason of this issue, in function 'asymmetric_key_verify_signature': '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value, so use u32 instead of u8 for digest_size field. And reorder struct public_key_signature, it saves 8 bytes on a 64-bit machine. Cc: stable@vger.kernel.org Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-09-22 12:26:21 +02:00
..
internal	crypto: shash - avoid comparing pointers to exported functions under CFI	2021-07-14 16:53:13 +02:00
acompress.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
aead.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
aes.h
akcipher.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
algapi.h
arc4.h
asym_tpm_subtype.h
authenc.h
b128ops.h
blowfish.h
cast5.h
cast6.h	crypto: x86 - Regularize glue function prototypes	2021-03-20 10:39:47 +01:00
cast_common.h
cbc.h
chacha.h
cryptd.h
ctr.h
des.h
dh.h
drbg.h
ecdh.h
engine.h
gcm.h
gf128mul.h
ghash.h
hash.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
hash_info.h
hmac.h
if_alg.h	crypto: algif_aead - Only wake up when ctx->more is zero	2020-08-21 13:05:30 +02:00
kpp.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
md5.h
nhpoly1305.h
null.h
padlock.h
pcrypt.h
pkcs7.h
poly1305.h
public_key.h	crypto: public_key: fix overflow during implicit conversion	2021-09-22 12:26:21 +02:00
rng.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
scatterwalk.h
serpent.h	crypto: x86 - Regularize glue function prototypes	2021-03-20 10:39:47 +01:00
sha.h
sha1_base.h
sha3.h
sha256_base.h
sha512_base.h
skcipher.h	crypto: api - check for ERR pointers in crypto_destroy_tfm()	2021-05-11 14:04:05 +02:00
sm3.h
sm3_base.h
sm4.h
streebog.h
twofish.h
xts.h	crypto: x86 - Regularize glue function prototypes	2021-03-20 10:39:47 +01:00