Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp150734pxb; Mon, 13 Sep 2021 15:35:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTdILynCxbNUOJGUsKYjT9eYOmea4ae11vHNRs8PiCjF0YSvEnqMCmlZsUYOl17eGuhxMU X-Received: by 2002:a05:6402:2c9:: with SMTP id b9mr15976237edx.109.1631572541100; Mon, 13 Sep 2021 15:35:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631572541; cv=none; d=google.com; s=arc-20160816; b=JJB4sb8SAq88BVhNNXegtnGOq4RxsuWiVuLFgFBMZTHx4RFUUC4ltIb3XL911IjPhX 3lTM8MQazpf2mAwWQtopXWyAuS2Nlia/5ql13VxK4HDcuAWGzlG7KzHKgAAdPUldT3xU 0r9f7VTYeecABpbwWNXZMVQnpcxyxSTCwyplzXodxwKQQZtDKnPeb8SogiNEJ2o3lFkq xgFxdvzC0b4+4v/kS4Ui1F4mB8q3Ke6sj/DLAg5LAz20m3OGUoLesbyB9boDZsHm7jlU CQy/UTi3i96O8IwFx/HIQCStro40VPnfzTP7rtdOPSAFOhz/khXFH/Vi2eK75tzAYY+Y wStQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Nd4NomUNcSUxsSuC/m8PRsDhFOfO/4qB21pNulFaxW4=; b=pDbT+WH6sIehGxJbHI0GyU0vpsCP0PdOhCQl23tdD849GXZVA6dLUpEqruL9hJ6deo J1Gf4O31n90MPxKtZjDOI7U8zmQGWp+ymDeeMHFfKb80o5JHV6dxtrBtWEkl0SZInaik Sez+f2ESYKe9mqZisYwBIeLBcfYE4EusrLBg6ud7yUPYfVynFiki5gX6DIeyg4XgSHwQ +TG28Sws2P4QRkTysUpSahkjIAHlc/PqY+iVNwU4AdQNDptEapKbPsIviaaowcui8LCU xFw23ciZqdt4kxCaXmIXLyUpz+ykjdb6z8o4zGVphtZX7u0ey9M/G+iUsxyblQGFN4Jz NtJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="z/eOkN8A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hg13si4095628ejc.330.2021.09.13.15.35.16; Mon, 13 Sep 2021 15:35:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="z/eOkN8A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244909AbhIMOAZ (ORCPT + 99 others); Mon, 13 Sep 2021 10:00:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:48182 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245657AbhIMN5s (ORCPT ); Mon, 13 Sep 2021 09:57:48 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9BEB560462; Mon, 13 Sep 2021 13:36:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631540202; bh=lNnfIkoxkGMnhxc9WgDuAvO438LsQOi8NKlR+JJQBKw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=z/eOkN8Ag0YbBDs6zgCskc9BIouQedA6ad8jQLaP/TPO2fu4cq56fSu9pRngyapSK VKTXf5huVEDlA5HT/BhCdHiWBk/aPMjDNXrL5+duDt5F1X6dT/rWW3rkVSQRyyrQDP p4d2ZzsQcnG8tD1Q4Vnb6s/W9DgQ53BNP99ms9wY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hongbo Li , Herbert Xu , Sasha Levin Subject: [PATCH 5.13 062/300] lib/mpi: use kcalloc in mpi_resize Date: Mon, 13 Sep 2021 15:12:03 +0200 Message-Id: <20210913131111.456055790@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210913131109.253835823@linuxfoundation.org> References: <20210913131109.253835823@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hongbo Li [ Upstream commit b6f756726e4dfe75be1883f6a0202dcecdc801ab ] We should set the additional space to 0 in mpi_resize(). So use kcalloc() instead of kmalloc_array(). In lib/mpi/ec.c: /**************** * Resize the array of A to NLIMBS. the additional space is cleared * (set to 0) [done by m_realloc()] */ int mpi_resize(MPI a, unsigned nlimbs) Like the comment of kernel's mpi_resize() said, the additional space need to be set to 0, but when a->d is not NULL, it does not set. The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt is _gcry_mpi_resize() which set the additional space to 0. This bug may cause mpi api which use mpi_resize() get wrong result under the condition of using the additional space without initiation. If this condition is not met, the bug would not be triggered. Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well, so the bug is not triggered in these cases. add_points_edwards() use the additional space directly, so it will get a wrong result. Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by: Hongbo Li Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin --- lib/mpi/mpiutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c index 3c63710c20c6..e6c4b3180ab1 100644 --- a/lib/mpi/mpiutil.c +++ b/lib/mpi/mpiutil.c @@ -148,7 +148,7 @@ int mpi_resize(MPI a, unsigned nlimbs) return 0; /* no need to do it */ if (a->d) { - p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); + p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); if (!p) return -ENOMEM; memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t)); -- 2.30.2