From: "Maciej S. Szmigiero"
Subject: [PATCH 3/3] crypto: ccp - protect RSA implementation from too large input data
To: Herbert Xu , "David S. Miller"
Cc: David Howells , Tom Lendacky , Gary Hook , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Message-ID: <4af6c02f-db3f-3d82-9685-367913c684ff@maciej.szmigiero.name>
Date: Sat, 24 Feb 2018 17:03:31 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

The CCP RSA implementation uses a hardware input buffer whose size depends only on the current RSA key length. The key modulus and the message to be processed are then copied to this buffer based on their own lengths.

Since the price for providing too long input data is a buffer overflow, and there already has been a case when this has happened, let's better reject such oversized input data and log an error message in this case so we know what is going on.

Signed-off-by: Maciej S. Szmigiero
---
drivers/crypto/ccp/ccp-ops.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index 406b95329b3d..517aeee30abf 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1770,10 +1770,6 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) if (!rsa->exp || !rsa->mod || !rsa->src || !rsa->dst) return -EINVAL; - memset(&op, 0, sizeof(op)); - op.cmd_q = cmd_q; - op.jobid = CCP_NEW_JOBID(cmd_q->ccp); - /* The RSA modulus must precede the message being acted upon, so * it must be copied to a DMA area where the message and the * modulus can be concatenated. Therefore the input buffer
@@ -1785,6 +1781,26 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) o_len = 32 * ((rsa->key_size + 255) / 256); i_len = o_len * 2; + if (rsa->mod_len > o_len) { + dev_err(cmd_q->ccp->dev, + "RSA modulus of %u bytes too large for key size of %u bits\n", + (unsigned int)rsa->mod_len, + (unsigned int)rsa->key_size); + return -EINVAL; + } + + if (rsa->src_len > o_len) { + dev_err(cmd_q->ccp->dev, + "RSA data of %u bytes too large for key size of %u bits\n", + (unsigned int)rsa->src_len, + (unsigned int)rsa->key_size); + return -EINVAL; + } + + memset(&op, 0, sizeof(op)); + op.cmd_q = cmd_q; + op.jobid = CCP_NEW_JOBID(cmd_q->ccp); + sb_count = 0; if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { /* sb_count is the number of storage block slots required
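Review bot: the two checks in the second hunk bound rsa->mod_len and rsa->src_len against o_len, but nothing bounds the length that goes with rsa->exp, even though rsa->exp is validated for non-NULL right above the memset removed in the first hunk. If the exponent is also copied into a work area sized from key_size, the oversized-input path the description warns about stays open for it; a third check of the same shape (`if (rsa->exp_len > o_len)`, assuming the field follows the mod_len/src_len naming) with a matching dev_err would close it, otherwise the description should say why the exponent needs no bound. Minor: the (unsigned int) casts in the dev_err arguments are only needed if mod_len, src_len and key_size are not already unsigned int; check the definition of the struct rsa points to and drop them if they are. Note also that `rsa->mod_len > o_len` is tighter than a pure overflow guard, since i_len is 2 * o_len: a modulus between o_len and i_len bytes would not overrun the area but would spill into the message slot, so rejecting at o_len is the right bound and worth a sentence in the description.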
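A worked model of the sizing and the new bound, added here as an illustration and not code from the patch or the ccp driver. It reuses the o_len formula visible in the hunk, assumes the request fields are named key_size, mod_len and src_len as the patch reads them, and assumes each value is right-aligned inside its o_len slot (the patch only shows that the modulus precedes the message, not the byte order). The pre-patch path is modelled by computing the overrun rather than performing it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizing as in ccp_run_rsa_cmd: key_size rounded up to a multiple of
 * 256 bits, in bytes; the input area holds two such slots, modulus first. */
static unsigned int ccp_rsa_o_len(unsigned int key_size)
{
	return 32 * ((key_size + 255) / 256);
}

/* Modelled request; field names follow what the patch reads. */
struct rsa_req {
	unsigned int key_size;
	const uint8_t *mod;
	unsigned int mod_len;
	const uint8_t *src;
	unsigned int src_len;
};

/* Pre-patch behaviour, modelled without copying: bytes that would land past
 * the i_len work area with the modulus at 0 and the message at o_len. */
static unsigned int unchecked_overrun(const struct rsa_req *r)
{
	unsigned int o_len = ccp_rsa_o_len(r->key_size);
	unsigned int i_len = 2 * o_len;
	unsigned int end = r->mod_len;

	if (o_len + r->src_len > end)
		end = o_len + r->src_len;
	return end > i_len ? end - i_len : 0;
}

/* A modulus longer than o_len but shorter than i_len does not overrun the
 * area; it silently overlaps the message slot. The patch rejects it too. */
static int unchecked_slot_overlap(const struct rsa_req *r)
{
	return r->mod_len > ccp_rsa_o_len(r->key_size);
}

/* Post-patch behaviour: bound both lengths before touching the area, then
 * place modulus and message right-aligned in their slots (alignment is this
 * model's assumption). Returns bytes staged (i_len) or a negative errno. */
static int stage_rsa_input(const struct rsa_req *r, uint8_t *buf, size_t buf_len)
{
	unsigned int o_len = ccp_rsa_o_len(r->key_size);
	unsigned int i_len = 2 * o_len;

	if (r->mod_len > o_len || r->src_len > o_len)
		return -EINVAL;	/* the bound the patch adds */
	if (buf_len < i_len)
		return -EINVAL;	/* caller's area too small for this key */

	memset(buf, 0, i_len);
	memcpy(buf + (o_len - r->mod_len), r->mod, r->mod_len);
	memcpy(buf + o_len + (o_len - r->src_len), r->src, r->src_len);
	return (int)i_len;
}

int main(void)
{
	/* Constructed sample: 1024-bit key, 128-byte modulus, and a 300-byte
	 * "message", i.e. the oversized input the patch is meant to reject. */
	static uint8_t mod[128], msg[300], area[4096];
	struct rsa_req bad = { 1024, mod, sizeof(mod), msg, sizeof(msg) };
	struct rsa_req overlap = { 1024, mod, 200, msg, 56 };
	struct rsa_req good = { 1024, mod, sizeof(mod), msg, 128 };

	memset(mod, 0xAB, sizeof(mod));
	memset(msg, 0xCD, sizeof(msg));

	printf("o_len(1024)=%u o_len(2047)=%u o_len(2049)=%u\n",
	       ccp_rsa_o_len(1024), ccp_rsa_o_len(2047), ccp_rsa_o_len(2049));
	printf("unchecked: %u bytes past the work area, slot overlap=%d\n",
	       unchecked_overrun(&bad), unchecked_slot_overlap(&overlap));
	printf("checked:   oversized -> %d (expect -EINVAL = %d)\n",
	       stage_rsa_input(&bad, area, sizeof(area)), -EINVAL);
	printf("checked:   well-formed -> %d bytes staged\n",
	       stage_rsa_input(&good, area, sizeof(area)));
	return 0;
}
```

The overlap case is the one worth keeping in mind when reading the hunk: a 200-byte modulus for a 1024-bit key never leaves the 256-byte area, so an overflow-only guard would accept it, yet it corrupts the message slot; bounding each length at o_len catches both.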