tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'v6.13-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
"Fix a regression in rsassa-pkcs1 as well as a buffer overrun in
hisilicon/debugfs"

* tag 'v6.13-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: hisilicon/debugfs - fix the struct pointer incorrectly offset problem
crypto: rsassa-pkcs1 - Copy source data for SG list

Linus Torvalds ec209291 78248507

+16 -33
+14 -31
crypto/rsassa-pkcs1.c
··· 163 163 struct rsassa_pkcs1_inst_ctx *ictx = sig_instance_ctx(inst); 164 164 const struct hash_prefix *hash_prefix = ictx->hash_prefix; 165 165 struct rsassa_pkcs1_ctx *ctx = crypto_sig_ctx(tfm); 166 - unsigned int child_reqsize = crypto_akcipher_reqsize(ctx->child); 167 - struct akcipher_request *child_req __free(kfree_sensitive) = NULL; 168 - struct scatterlist in_sg[3], out_sg; 169 - struct crypto_wait cwait; 170 166 unsigned int pad_len; 171 167 unsigned int ps_end; 172 168 unsigned int len; ··· 183 187 184 188 pad_len = ctx->key_size - slen - hash_prefix->size - 1; 185 189 186 - child_req = kmalloc(sizeof(*child_req) + child_reqsize + pad_len, 187 - GFP_KERNEL); 188 - if (!child_req) 189 - return -ENOMEM; 190 - 191 190 /* RFC 8017 sec 8.2.1 step 1 - EMSA-PKCS1-v1_5 encoding generation */ 192 - in_buf = (u8 *)(child_req + 1) + child_reqsize; 191 + in_buf = dst; 192 + memmove(in_buf + pad_len + hash_prefix->size, src, slen); 193 + memcpy(in_buf + pad_len, hash_prefix->data, hash_prefix->size); 194 + 193 195 ps_end = pad_len - 1; 194 196 in_buf[0] = 0x01; 195 197 memset(in_buf + 1, 0xff, ps_end - 1); 196 198 in_buf[ps_end] = 0x00; 197 199 198 - /* RFC 8017 sec 8.2.1 step 2 - RSA signature */ 199 - crypto_init_wait(&cwait); 200 - sg_init_table(in_sg, 3); 201 - sg_set_buf(&in_sg[0], in_buf, pad_len); 202 - sg_set_buf(&in_sg[1], hash_prefix->data, hash_prefix->size); 203 - sg_set_buf(&in_sg[2], src, slen); 204 - sg_init_one(&out_sg, dst, dlen); 205 - akcipher_request_set_tfm(child_req, ctx->child); 206 - akcipher_request_set_crypt(child_req, in_sg, &out_sg, 207 - ctx->key_size - 1, dlen); 208 - akcipher_request_set_callback(child_req, CRYPTO_TFM_REQ_MAY_SLEEP, 209 - crypto_req_done, &cwait); 210 200 211 - err = crypto_akcipher_decrypt(child_req); 212 - err = crypto_wait_req(err, &cwait); 213 - if (err) 201 + /* RFC 8017 sec 8.2.1 step 2 - RSA signature */ 202 + err = crypto_akcipher_sync_decrypt(ctx->child, in_buf, 203 + ctx->key_size - 1, in_buf, 204 + ctx->key_size); 205 + if (err < 0) 214 206 return err; 215 207 216 - len = child_req->dst_len; 208 + len = err; 217 209 pad_len = ctx->key_size - len; 218 210 219 211 /* Four billion to one */ ··· 223 239 struct rsassa_pkcs1_ctx *ctx = crypto_sig_ctx(tfm); 224 240 unsigned int child_reqsize = crypto_akcipher_reqsize(ctx->child); 225 241 struct akcipher_request *child_req __free(kfree_sensitive) = NULL; 226 - struct scatterlist in_sg, out_sg; 227 242 struct crypto_wait cwait; 243 + struct scatterlist sg; 228 244 unsigned int dst_len; 229 245 unsigned int pos; 230 246 u8 *out_buf; ··· 243 259 return -ENOMEM; 244 260 245 261 out_buf = (u8 *)(child_req + 1) + child_reqsize; 262 + memcpy(out_buf, src, slen); 246 263 247 264 crypto_init_wait(&cwait); 248 - sg_init_one(&in_sg, src, slen); 249 - sg_init_one(&out_sg, out_buf, ctx->key_size); 265 + sg_init_one(&sg, out_buf, slen); 250 266 akcipher_request_set_tfm(child_req, ctx->child); 251 - akcipher_request_set_crypt(child_req, &in_sg, &out_sg, 252 - slen, ctx->key_size); 267 + akcipher_request_set_crypt(child_req, &sg, &sg, slen, slen); 253 268 akcipher_request_set_callback(child_req, CRYPTO_TFM_REQ_MAY_SLEEP, 254 269 crypto_req_done, &cwait); 255 270
+2 -2
drivers/crypto/hisilicon/debugfs.c
··· 192 192 193 193 down_read(&qm->qps_lock); 194 194 if (qm->sqc) { 195 - memcpy(&sqc, qm->sqc + qp_id * sizeof(struct qm_sqc), sizeof(struct qm_sqc)); 195 + memcpy(&sqc, qm->sqc + qp_id, sizeof(struct qm_sqc)); 196 196 sqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 197 197 sqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 198 198 dump_show(qm, &sqc, sizeof(struct qm_sqc), "SOFT SQC"); ··· 229 229 230 230 down_read(&qm->qps_lock); 231 231 if (qm->cqc) { 232 - memcpy(&cqc, qm->cqc + qp_id * sizeof(struct qm_cqc), sizeof(struct qm_cqc)); 232 + memcpy(&cqc, qm->cqc + qp_id, sizeof(struct qm_cqc)); 233 233 cqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 234 234 cqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 235 235 dump_show(qm, &cqc, sizeof(struct qm_cqc), "SOFT CQC");