kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/include
History
zhenwei pi f985911b7b crypto: public_key: fix overflow during implicit conversion 
Hit kernel warning like this, it can be reproduced by verifying 256
bytes datafile by keyctl command, run script:
RAWDATA=rawdata
SIGDATA=sigdata

modprobe pkcs8_key_parser

rm -rf *.der *.pem *.pfx
rm -rf $RAWDATA
dd if=/dev/random of=$RAWDATA bs=256 count=1

openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
  -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com"

KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \
  padd asymmetric 123 @s`

keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA
keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1

Then the kernel reports:
 WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540
   pkcs1pad_verify+0x160/0x190
 ...
 Call Trace:
  public_key_verify_signature+0x282/0x380
  ? software_key_query+0x12d/0x180
  ? keyctl_pkey_params_get+0xd6/0x130
  asymmetric_key_verify_signature+0x66/0x80
  keyctl_pkey_verify+0xa5/0x100
  do_syscall_64+0x35/0xb0
  entry_SYSCALL_64_after_hwframe+0x44/0xae

The reason of this issue, in function 'asymmetric_key_verify_signature':
'.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
so use u32 instead of u8 for digest_size field. And reorder struct
public_key_signature, it saves 8 bytes on a 64-bit machine.

Cc: stable@vger.kernel.org
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2021-08-23 20:25:24 +03:00
..
acpi ACPI: fix NULL pointer dereference 2021-07-24 15:25:54 -07:00
asm-generic vmlinux.lds.h: Handle clang's module.{c,d}tor sections 2021-08-11 12:19:58 -07:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-06-15 14:14:14 +02:00
crypto crypto: public_key: fix overflow during implicit conversion 2021-08-23 20:25:24 +03:00
drm drm: Return -ENOTTY for non-drm ioctls 2021-07-20 15:57:43 +02:00
dt-bindings dt-bindings: clock: r9a07g044-cpg: Update clock/reset definitions 2021-07-12 10:52:03 +02:00
keys
kunit linux-kselftest-kunit-fixes-5.14-rc1 2021-07-02 12:58:26 -07:00
kvm KVM: arm64: vgic: Implement SW-driven deactivation 2021-06-01 10:46:00 +01:00
linux Merge branch 'akpm' (patches from Andrew) 2021-08-20 13:08:56 -07:00
math-emu math-emu: Fix fall-through warning 2021-07-13 13:57:44 -05:00
media media: Fix Media Controller API config checks 2021-06-24 14:26:00 +02:00
memory memory: renesas-rpc-if: correct whitespace 2021-06-03 13:12:37 +02:00
misc
net Revert "flow_offload: action should not be NULL when it is referenced" 2021-08-19 10:00:38 -07:00
pcmcia
ras
rdma IB/core: Shuffle locks in ib_port_data to save memory 2021-06-21 20:49:32 -03:00
scsi SCSI misc on 20210702 2021-07-02 15:14:36 -07:00
soc Memory controller drivers for v5.14 - Tegra SoC, late fixes 2021-07-16 22:51:01 +02:00
sound ASoC: Fixes for v5.14 2021-07-21 19:48:09 +02:00
target scsi: target: core: Add configurable IEEE Company ID attribute 2021-05-15 14:14:28 -04:00
trace mmflags.h: add missing __GFP_ZEROTAGS and __GFP_SKIP_KASAN_POISON names 2021-08-20 11:31:42 -07:00
uapi net: bridge: fix flags interpretation for extern learn fdb entries 2021-08-10 11:29:39 -07:00
vdso
video gpu: ipu-v3: Add Rec.709 limited range support to DP 2021-05-10 17:20:29 +02:00
xen xen: sync include/xen/interface/io/ring.h with Xen's newest version 2021-07-05 09:49:45 +02:00