LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] lib/mpi: use kcalloc in mpi_resize
@ 2021-08-05  8:53 Hongbo Li
  2021-08-12 11:36 ` Herbert Xu
  0 siblings, 1 reply; 2+ messages in thread
From: Hongbo Li @ 2021-08-05  8:53 UTC (permalink / raw)
  To: linux-crypto, herbert, ebiggers, herberthbli; +Cc: linux-kernel

From: Hongbo Li <herberthbli@tencent.com>

We should set the additional space to 0 in mpi_resize().
So use kcalloc() instead of kmalloc_array().

In lib/mpi/ec.c:
/****************
 * Resize the array of A to NLIMBS. the additional space is cleared
 * (set to 0) [done by m_realloc()]
 */
int mpi_resize(MPI a, unsigned nlimbs)

Like the comment of kernel's mpi_resize() said, the additional space
need to be set to 0, but when a->d is not NULL, it does not set.

The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt
is _gcry_mpi_resize() which set the additional space to 0.

This bug may cause mpi api which use mpi_resize() get wrong result
under the condition of using the additional space without initiation.
If this condition is not met, the bug would not be triggered.
Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well,
so the bug is not triggered in these cases.

add_points_edwards() use the additional space directly, so it will
get a wrong result.

Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 lib/mpi/mpiutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c
index 3c63710..e6c4b31 100644
--- a/lib/mpi/mpiutil.c
+++ b/lib/mpi/mpiutil.c
@@ -148,7 +148,7 @@ int mpi_resize(MPI a, unsigned nlimbs)
 		return 0;	/* no need to do it */
 
 	if (a->d) {
-		p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
+		p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
 		if (!p)
 			return -ENOMEM;
 		memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t));
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] lib/mpi: use kcalloc in mpi_resize
  2021-08-05  8:53 [PATCH] lib/mpi: use kcalloc in mpi_resize Hongbo Li
@ 2021-08-12 11:36 ` Herbert Xu
  0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2021-08-12 11:36 UTC (permalink / raw)
  To: Hongbo Li; +Cc: linux-crypto, ebiggers, herberthbli, linux-kernel

On Thu, Aug 05, 2021 at 04:53:32PM +0800, Hongbo Li wrote:
> From: Hongbo Li <herberthbli@tencent.com>
> 
> We should set the additional space to 0 in mpi_resize().
> So use kcalloc() instead of kmalloc_array().
> 
> In lib/mpi/ec.c:
> /****************
>  * Resize the array of A to NLIMBS. the additional space is cleared
>  * (set to 0) [done by m_realloc()]
>  */
> int mpi_resize(MPI a, unsigned nlimbs)
> 
> Like the comment of kernel's mpi_resize() said, the additional space
> need to be set to 0, but when a->d is not NULL, it does not set.
> 
> The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt
> is _gcry_mpi_resize() which set the additional space to 0.
> 
> This bug may cause mpi api which use mpi_resize() get wrong result
> under the condition of using the additional space without initiation.
> If this condition is not met, the bug would not be triggered.
> Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well,
> so the bug is not triggered in these cases.
> 
> add_points_edwards() use the additional space directly, so it will
> get a wrong result.
> 
> Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
> Signed-off-by: Hongbo Li <herberthbli@tencent.com>
> ---
>  lib/mpi/mpiutil.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-08-12 11:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-05  8:53 [PATCH] lib/mpi: use kcalloc in mpi_resize Hongbo Li
2021-08-12 11:36 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).