Re: [RESEND] crypto: public_key: fix overflow during implicit conversion

From: Jarkko Sakkinen
Date: Thu Aug 19 2021 - 08:54:09 EST

Next message: THOBY Simon: "Re: [PATCH] ima: fix infinite loop within "ima_match_policy" function."
Previous message: Steven Rostedt: "Re: [PATCH v7 08/10] tracing: Add a probe that attaches to trace events"
In reply to: zhenwei pi: "[RESEND] crypto: public_key: fix overflow during implicit conversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2021-08-19 at 20:37 +0800, zhenwei pi wrote:
> Hit kernel warning like this, it can be reproduced by verifying 256
> bytes datafile by keyctl command, run script:
> RAWDATA=rawdata
> SIGDATA=sigdata
>
> modprobe pkcs8_key_parser
>
> rm -rf *.der *.pem *.pfx
> rm -rf $RAWDATA
> dd if=/dev/random of=$RAWDATA bs=256 count=1
>
> openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
> -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xxxxxx"
>
> KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \
> padd asymmetric 123 @s`
>
> keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA
> keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1
>
> Then the kernel reports:
> WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540
> pkcs1pad_verify+0x160/0x190
> ...
> Call Trace:
> public_key_verify_signature+0x282/0x380
> ? software_key_query+0x12d/0x180
> ? keyctl_pkey_params_get+0xd6/0x130
> asymmetric_key_verify_signature+0x66/0x80
> keyctl_pkey_verify+0xa5/0x100
> do_syscall_64+0x35/0xb0
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> The reason of this issue, in function 'asymmetric_key_verify_signature':
> '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
> so use u32 instead of u8 for digest_size field. And reorder struct
> public_key_signature, it saves 8 bytes on a 64-bit machine.
>
> Thanks to Jarkko Sakkinen for suggestions.

I appreciate this but since it is not relevant for the commit message,
I have to rip it off :-)

Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>

/Jarkko

> Signed-off-by: zhenwei pi <pizhenwei@xxxxxxxxxxxxx>
> ---
> include/crypto/public_key.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
> index 47accec68cb0..f603325c0c30 100644
> --- a/include/crypto/public_key.h
> +++ b/include/crypto/public_key.h
> @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key);
> struct public_key_signature {
> struct asymmetric_key_id *auth_ids[2];
> u8 *s; /* Signature */
> - u32 s_size; /* Number of bytes in signature */
> u8 *digest;
> - u8 digest_size; /* Number of bytes in digest */
> + u32 s_size; /* Number of bytes in signature */
> + u32 digest_size; /* Number of bytes in digest */
> const char *pkey_algo;
> const char *hash_algo;
> const char *encoding;

Next message: THOBY Simon: "Re: [PATCH] ima: fix infinite loop within "ima_match_policy" function."
Previous message: Steven Rostedt: "Re: [PATCH v7 08/10] tracing: Add a probe that attaches to trace events"
In reply to: zhenwei pi: "[RESEND] crypto: public_key: fix overflow during implicit conversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]