| Message ID | 20210819123710.1170050-1-pizhenwei@bytedance.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | [RESEND] crypto: public_key: fix overflow during implicit conversion | expand |
On Thu, 2021-08-19 at 20:37 +0800, zhenwei pi wrote: > Hit kernel warning like this, it can be reproduced by verifying 256 > bytes datafile by keyctl command, run script: > RAWDATA=rawdata > SIGDATA=sigdata > > modprobe pkcs8_key_parser > > rm -rf *.der *.pem *.pfx > rm -rf $RAWDATA > dd if=/dev/random of=$RAWDATA bs=256 count=1 > > openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \ > -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com" > > KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \ > padd asymmetric 123 @s` > > keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA > keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1 > > Then the kernel reports: > WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 > pkcs1pad_verify+0x160/0x190 > ... > Call Trace: > public_key_verify_signature+0x282/0x380 > ? software_key_query+0x12d/0x180 > ? keyctl_pkey_params_get+0xd6/0x130 > asymmetric_key_verify_signature+0x66/0x80 > keyctl_pkey_verify+0xa5/0x100 > do_syscall_64+0x35/0xb0 > entry_SYSCALL_64_after_hwframe+0x44/0xae > > The reason of this issue, in function 'asymmetric_key_verify_signature': > '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value, > so use u32 instead of u8 for digest_size field. And reorder struct > public_key_signature, it saves 8 bytes on a 64-bit machine. > > Thanks to Jarkko Sakkinen for suggestions. I appreciate this but since it is not relevant for the commit message, I have to rip it off :-) Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko > Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> > --- > include/crypto/public_key.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h > index 47accec68cb0..f603325c0c30 100644 > --- a/include/crypto/public_key.h > +++ b/include/crypto/public_key.h > @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key); > struct public_key_signature { > struct asymmetric_key_id *auth_ids[2]; > u8 *s; /* Signature */ > - u32 s_size; /* Number of bytes in signature */ > u8 *digest; > - u8 digest_size; /* Number of bytes in digest */ > + u32 s_size; /* Number of bytes in signature */ > + u32 digest_size; /* Number of bytes in digest */ > const char *pkey_algo; > const char *hash_algo; > const char *encoding;
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 47accec68cb0..f603325c0c30 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key); struct public_key_signature { struct asymmetric_key_id *auth_ids[2]; u8 *s; /* Signature */ - u32 s_size; /* Number of bytes in signature */ u8 *digest; - u8 digest_size; /* Number of bytes in digest */ + u32 s_size; /* Number of bytes in signature */ + u32 digest_size; /* Number of bytes in digest */ const char *pkey_algo; const char *hash_algo; const char *encoding;
Hit kernel warning like this, it can be reproduced by verifying 256 bytes datafile by keyctl command, run script: RAWDATA=rawdata SIGDATA=sigdata modprobe pkcs8_key_parser rm -rf *.der *.pem *.pfx rm -rf $RAWDATA dd if=/dev/random of=$RAWDATA bs=256 count=1 openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \ -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com" KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \ padd asymmetric 123 @s` keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1 Then the kernel reports: WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 pkcs1pad_verify+0x160/0x190 ... Call Trace: public_key_verify_signature+0x282/0x380 ? software_key_query+0x12d/0x180 ? keyctl_pkey_params_get+0xd6/0x130 asymmetric_key_verify_signature+0x66/0x80 keyctl_pkey_verify+0xa5/0x100 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The reason of this issue, in function 'asymmetric_key_verify_signature': '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value, so use u32 instead of u8 for digest_size field. And reorder struct public_key_signature, it saves 8 bytes on a 64-bit machine. Thanks to Jarkko Sakkinen for suggestions. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- include/crypto/public_key.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)