Received: by 10.223.185.116 with SMTP id b49csp306058wrg; Fri, 2 Mar 2018 19:51:43 -0800 (PST) X-Google-Smtp-Source: AG47ELvOEf0+8pdlZis/pWwxBlRPrOSobp8M6vJq7aLVxbcl156x7ms3qFfuI1WGld4C1yinNDnz X-Received: by 2002:a17:902:983:: with SMTP id 3-v6mr7357628pln.278.1520049103275; Fri, 02 Mar 2018 19:51:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520049103; cv=none; d=google.com; s=arc-20160816; b=vVxTMEiCK99K3/zqOU9UWMriIPjtPWyjS5zs2B6oZEMAg5RWn0WBmoh91uDbvhPruR 9ZQru7y+DKus3BA6sb6TBauuCy7MddXowctwAEDk6ANT5P0bTsQW6OgjHxzNz/Me0pv5 F7tbBCMDZ78hdUx5UC5DpjRlbQo63rfG6dMKVonf5tSFg4suoTG6mcbINA0YjuGs+Cqq yxslCmy69oRbh+c3ft39VEIRewBxKKvJJH8EADympMfRwL/YzbDXducSpd3TZDqa/tKW 9VyZCES72OHVn/dp8XiAaW19fRa/qSNtP/0zkN4o2LQKyRsDwx/P3XQr6jT4OdoULCOW 0NnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=6OFuVlr5HKpTdkY/HIxWwFDE7GGJ5FNxMXlhudbIxN8=; b=Ltc3DHEzmsPvUkoSNK6ryuaVC7RMipLZ6OKeafLDcTa+8YV5Sju0lf9Ks/G13MusFR FCBEuB6+uOrHWj0duGON+n8wZ6dQvTiUw8kpfxe3KrQUqfZqY1HPqXzBCqEptr3RGBLY haAMVoIC2Ks1Lz0i9hNyVaNkyeWNVGthSZATZB2419aakoImhaVhNVNx0jE8vW5rQIvg j8glXiX5p3fhm+MqVf8Jk15GHf8xRHHL1E6KwZa4pnt3BhqgLMpQK35terPu0m+n4e89 wFxHxrxdksG4uRqVF+QfLAao8YlYBnC4oHj1Rlk16y4Mad/SLaijvp4wyoPUzAtrpvEr Nl/A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h6-v6si5901346pln.198.2018.03.02.19.51.29; Fri, 02 Mar 2018 19:51:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935157AbeCBX6Z (ORCPT + 99 others); Fri, 2 Mar 2018 18:58:25 -0500 Received: from vps-vb.mhejs.net ([37.28.154.113]:50208 "EHLO vps-vb.mhejs.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934915AbeCBX6Y (ORCPT ); Fri, 2 Mar 2018 18:58:24 -0500 Received: by vps-vb.mhejs.net with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from ) id 1eruZ8-0003KR-Q4; Sat, 03 Mar 2018 00:58:18 +0100 Subject: Re: [PATCH 2/3] crypto: ccp - return an actual key size from RSA max_size callback To: "Hook, Gary" Cc: Herbert Xu , "David S. Miller" , David Howells , Tom Lendacky , Gary Hook , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org References: <51c265e4-6153-3e5e-316a-ebef059ac36a@maciej.szmigiero.name> <20180302164451.GJ21579@gondor.apana.org.au> <087e7b27-f839-8d4b-8da8-5d0fa2f8caf1@maciej.szmigiero.name> From: "Maciej S. Szmigiero" Message-ID: <7deb1115-b4b2-8fe3-885f-0162f2fe359f@maciej.szmigiero.name> Date: Sat, 3 Mar 2018 00:58:18 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03.03.2018 00:49, Hook, Gary wrote: > On 3/2/2018 5:15 PM, Maciej S. Szmigiero wrote: >> On 02.03.2018 17:44, Herbert Xu wrote: >>> On Sat, Feb 24, 2018 at 05:03:21PM +0100, Maciej S. Szmigiero wrote: >>>> rsa-pkcs1pad uses a value returned from a RSA implementation max_size >>>> callback as a size of an input buffer passed to the RSA implementation for >>>> encrypt and sign operations. >>>> >>>> CCP RSA implementation uses a hardware input buffer which size depends only >>>> on the current RSA key length, so it should return this key length in >>>> the max_size callback, too. >>>> This also matches what the kernel software RSA implementation does. >>>> >>>> Previously, the value returned from this callback was always the maximum >>>> RSA key size the CCP hardware supports. >>>> This resulted in this huge buffer being passed by rsa-pkcs1pad to CCP even >>>> for smaller key sizes and then in a buffer overflow when ccp_run_rsa_cmd() >>>> tried to copy this large input buffer into a RSA key length-sized hardware >>>> input buffer. >>>> >>>> Signed-off-by: Maciej S. Szmigiero >>>> Fixes: ceeec0afd684 ("crypto: ccp - Add support for RSA on the CCP") >>>> Cc: stable@vger.kernel.org >>> >>> Patch applied.  Thanks. >> >> Thanks. >> >> However, what about the first patch from this series? >> Without it, while it no longer should cause a buffer overflow, in-kernel >> X.509 certificate verification will still fail with CCP driver loaded >> (since CCP RSA implementation has a higher priority than the software >> RSA implementation). >> >> Maciej >> > > > I commented on that one here: > https://marc.info/?l=linux-crypto-vger&m=151986452422791&w=2 > > Effectively a NACK. We are a reviewing a proposed patch right now. Your earlier comment referred to the third patch from this series. My message above was about the first one. Maciej