LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [RESEND] crypto: public_key: fix overflow during implicit conversion
@ 2021-08-19 12:37 zhenwei pi
  2021-08-19 12:54 ` Jarkko Sakkinen
  0 siblings, 1 reply; 2+ messages in thread
From: zhenwei pi @ 2021-08-19 12:37 UTC (permalink / raw)
  To: jarkko
  Cc: dhowells, herbert, davem, keyrings, linux-crypto, linux-kernel,
	zhenwei pi

Hit kernel warning like this, it can be reproduced by verifying 256
bytes datafile by keyctl command, run script:
RAWDATA=rawdata
SIGDATA=sigdata

modprobe pkcs8_key_parser

rm -rf *.der *.pem *.pfx
rm -rf $RAWDATA
dd if=/dev/random of=$RAWDATA bs=256 count=1

openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
  -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com"

KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \
  padd asymmetric 123 @s`

keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA
keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1

Then the kernel reports:
 WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540
   pkcs1pad_verify+0x160/0x190
 ...
 Call Trace:
  public_key_verify_signature+0x282/0x380
  ? software_key_query+0x12d/0x180
  ? keyctl_pkey_params_get+0xd6/0x130
  asymmetric_key_verify_signature+0x66/0x80
  keyctl_pkey_verify+0xa5/0x100
  do_syscall_64+0x35/0xb0
  entry_SYSCALL_64_after_hwframe+0x44/0xae

The reason of this issue, in function 'asymmetric_key_verify_signature':
'.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
so use u32 instead of u8 for digest_size field. And reorder struct
public_key_signature, it saves 8 bytes on a 64-bit machine.

Thanks to Jarkko Sakkinen for suggestions.

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
---
 include/crypto/public_key.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 47accec68cb0..f603325c0c30 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key);
 struct public_key_signature {
 	struct asymmetric_key_id *auth_ids[2];
 	u8 *s;			/* Signature */
-	u32 s_size;		/* Number of bytes in signature */
 	u8 *digest;
-	u8 digest_size;		/* Number of bytes in digest */
+	u32 s_size;		/* Number of bytes in signature */
+	u32 digest_size;	/* Number of bytes in digest */
 	const char *pkey_algo;
 	const char *hash_algo;
 	const char *encoding;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [RESEND] crypto: public_key: fix overflow during implicit conversion
  2021-08-19 12:37 [RESEND] crypto: public_key: fix overflow during implicit conversion zhenwei pi
@ 2021-08-19 12:54 ` Jarkko Sakkinen
  0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Sakkinen @ 2021-08-19 12:54 UTC (permalink / raw)
  To: zhenwei pi; +Cc: dhowells, herbert, davem, keyrings, linux-crypto, linux-kernel

On Thu, 2021-08-19 at 20:37 +0800, zhenwei pi wrote:
> Hit kernel warning like this, it can be reproduced by verifying 256
> bytes datafile by keyctl command, run script:
> RAWDATA=rawdata
> SIGDATA=sigdata
> 
> modprobe pkcs8_key_parser
> 
> rm -rf *.der *.pem *.pfx
> rm -rf $RAWDATA
> dd if=/dev/random of=$RAWDATA bs=256 count=1
> 
> openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
>   -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com"
> 
> KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \
>   padd asymmetric 123 @s`
> 
> keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA
> keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1
> 
> Then the kernel reports:
>  WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540
>    pkcs1pad_verify+0x160/0x190
>  ...
>  Call Trace:
>   public_key_verify_signature+0x282/0x380
>   ? software_key_query+0x12d/0x180
>   ? keyctl_pkey_params_get+0xd6/0x130
>   asymmetric_key_verify_signature+0x66/0x80
>   keyctl_pkey_verify+0xa5/0x100
>   do_syscall_64+0x35/0xb0
>   entry_SYSCALL_64_after_hwframe+0x44/0xae
> 
> The reason of this issue, in function 'asymmetric_key_verify_signature':
> '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
> so use u32 instead of u8 for digest_size field. And reorder struct
> public_key_signature, it saves 8 bytes on a 64-bit machine.
> 
> Thanks to Jarkko Sakkinen for suggestions.

I appreciate this but since it is not relevant for the commit message,
I have to rip it off :-)

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

/Jarkko

> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
>  include/crypto/public_key.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
> index 47accec68cb0..f603325c0c30 100644
> --- a/include/crypto/public_key.h
> +++ b/include/crypto/public_key.h
> @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key);
>  struct public_key_signature {
>  	struct asymmetric_key_id *auth_ids[2];
>  	u8 *s;			/* Signature */
> -	u32 s_size;		/* Number of bytes in signature */
>  	u8 *digest;
> -	u8 digest_size;		/* Number of bytes in digest */
> +	u32 s_size;		/* Number of bytes in signature */
> +	u32 digest_size;	/* Number of bytes in digest */
>  	const char *pkey_algo;
>  	const char *hash_algo;
>  	const char *encoding;


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-08-19 12:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-19 12:37 [RESEND] crypto: public_key: fix overflow during implicit conversion zhenwei pi
2021-08-19 12:54 ` Jarkko Sakkinen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).