Received: by 2002:a05:6a10:6d25:0:0:0:0 with SMTP id gq37csp1827076pxb; Mon, 13 Sep 2021 06:26:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwygDa86JVh0QGZDrpCnASagrH3hfDRbwxyqB8+F1gdaeNdFFuwfl7SO7CvQN7dQfVSoW0E X-Received: by 2002:a05:6638:2611:: with SMTP id m17mr7521172jat.85.1631539580509; Mon, 13 Sep 2021 06:26:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631539580; cv=none; d=google.com; s=arc-20160816; b=U3mUMnNVnDKJJ55KaxZenGk45VoqPFMVLx8k/KRueruP6cg1/33ZhvWBPS9RM3x9NA DjTshH1QnjONaWlbcRt+VY6UY8/wEGWLTprtvDTmfVWwAOiNSPuwlRMvOsndtEEvcxmj yNDDtw4DxidodHWh18a+2hjfqiHlk0mGeiGkhXqm3cNpfET8xFKDL7RHS0RMG7rOO6Bj mFc41mklc8uWBhIicuH5F6mxKApEaZPASXbMyA+LT1I4my22rZ3Lm9USs6IclFH8SF2E AlHx45FQDOVrf83xfL1pfpyNUrkkPZVX66eY6qrvH/Nte3eZdlJrdX6G03PFSYoJF5Ut MhzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ru6gQUVtoy+LbnOWPa/BBRUTzf5CXyTI9i5BByrZhyQ=; b=R598qnhqX7oX0hp9l6bW3H4qPpaD61UrkVnaMwijAWIDP1bxFLF9jhIoTLP34iKIb6 gczaP6k+xaqKj6WZR8s2CXzJYCUae0JMkE9hbzrJeS709QgW2RJ52shMYGPtgklxD5/2 cZHAZaZXWzvtGwOxvCDQtPJscLnjSeT/uDFuv0OE0L29j66cBN0sVzvQw3oiExRNfq7e DwtM5p6B4bFlDjR+sGg27goLpAVSNc1rZfNJJr0OiB4Ih1tNivdJhLdUeguGBSrsgB/E NEFPaRpMgyfPSDUP2LkGvVs3cG4SoT2++zNfWUMDMXoi6t+H84J182jfMhMIEY3X8/Ll nLzQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=LmiKOw6s; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f22si7374619jam.69.2021.09.13.06.26.09; Mon, 13 Sep 2021 06:26:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=LmiKOw6s; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240705AbhIMNYv (ORCPT + 99 others); Mon, 13 Sep 2021 09:24:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:34850 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240213AbhIMNUD (ORCPT ); Mon, 13 Sep 2021 09:20:03 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C4CDF6112D; Mon, 13 Sep 2021 13:18:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631539085; bh=lYhlJUiZeJ71eAsBUsEU418h4Qd1oNkRZB8M5J6fuKI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LmiKOw6sO5WAlp/th4hJwKGS0O6e+UDoFKJEq6qd/1p9xuHDJLj9+bF6nmysqx59k V6QoV7ZMzaAzzaa8GVz38YmQXNrA3S9Lk6/JQZSIwqymsb8+ldYJu7OeCz6tiOUn7T kByXkIMqb2jDu+2xvx+AQmwQms7m+qXOEt1wD1os= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hongbo Li , Herbert Xu , Sasha Levin Subject: [PATCH 5.4 036/144] lib/mpi: use kcalloc in mpi_resize Date: Mon, 13 Sep 2021 15:13:37 +0200 Message-Id: <20210913131049.158310508@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210913131047.974309396@linuxfoundation.org> References: <20210913131047.974309396@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hongbo Li [ Upstream commit b6f756726e4dfe75be1883f6a0202dcecdc801ab ] We should set the additional space to 0 in mpi_resize(). So use kcalloc() instead of kmalloc_array(). In lib/mpi/ec.c: /**************** * Resize the array of A to NLIMBS. the additional space is cleared * (set to 0) [done by m_realloc()] */ int mpi_resize(MPI a, unsigned nlimbs) Like the comment of kernel's mpi_resize() said, the additional space need to be set to 0, but when a->d is not NULL, it does not set. The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt is _gcry_mpi_resize() which set the additional space to 0. This bug may cause mpi api which use mpi_resize() get wrong result under the condition of using the additional space without initiation. If this condition is not met, the bug would not be triggered. Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well, so the bug is not triggered in these cases. add_points_edwards() use the additional space directly, so it will get a wrong result. Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by: Hongbo Li Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin --- lib/mpi/mpiutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c index 20ed0f766787..00825028cc84 100644 --- a/lib/mpi/mpiutil.c +++ b/lib/mpi/mpiutil.c @@ -91,7 +91,7 @@ int mpi_resize(MPI a, unsigned nlimbs) return 0; /* no need to do it */ if (a->d) { - p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); + p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); if (!p) return -ENOMEM; memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t)); -- 2.30.2