Received: by 2002:a05:6520:4d:b0:139:a872:a4c9 with SMTP id i13csp2564044lkm; Mon, 20 Sep 2021 18:49:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTHO4nD8nQiCo4K3+8DxkaUdGpVKMrcf7tZFRLPUVDPibPq3Gkz+kcIYCgXgYC26JMd9qt X-Received: by 2002:a05:6e02:1bc9:: with SMTP id x9mr20080243ilv.168.1632188882590; Mon, 20 Sep 2021 18:48:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632188882; cv=none; d=google.com; s=arc-20160816; b=EF7lvgZK5YMGwb8lYIXZT30RpEy1KB8qVcJi7aVdo4q5sWEX+BLw6gcDxPZyg8iQ14 0PnWLTDytndEbzL8GBD2FW98JHBVs0X09TzNCbgWGdwTEDw0eZBHzpHyeoemuI8hQLxW xvTdihKS8EYnpI/3cT9N69WIqwNScBhdlcuveRZ4Qx6qgdiEwBVRh078ps25l0dP+TsH LTa2B3N9Z05MmmX2yzqSV7dZu0+TNRVLRKY/yeUazTkVzo+KxHmjHU9dxgSVcfUxzWlL aMBlmXVFM78uZPwmB6XXfynrfvsB8xkT1SmswBklwqvsyfvQQTVoq0uN4+anTkCxATXp OhOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ru6gQUVtoy+LbnOWPa/BBRUTzf5CXyTI9i5BByrZhyQ=; b=ViZ2fqqQjOxxLqNPuajhwh7HLl3nYBf27VKuKgglQBOiwlvHMwTLl0OHrwECtJhP3u URgcj/dZh89LtPIjGwgMIhVtsC+NQk1UxxgTBm5PYy342rvPDc6f1afBsShowTej7ogz aJURtTAJMY6EyaLAZ2QXrL5N90Dg8eKbEp57Q6dCsqtQ5GEb55HaVP/ScPQ1lSGKFRPK ztIaMga2ErTuLNSw7S+SmvEgjx9dqUBVdoH7NB7ONg5xtIUYOVfaWdZAEmIRvKGQ3E2u pUz2sVFYfFacbPBurNKbgqj+GmlmPSkViQDyWIlV5KEuRsNzgbJwiZsrdqdpn2t7FF8s XoAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oWsYmu43; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l11si2202059ilv.110.2021.09.20.18.47.51; Mon, 20 Sep 2021 18:48:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oWsYmu43; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346550AbhITRiJ (ORCPT + 99 others); Mon, 20 Sep 2021 13:38:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:40476 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348137AbhITRgI (ORCPT ); Mon, 20 Sep 2021 13:36:08 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D715B61B1E; Mon, 20 Sep 2021 17:06:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1632157583; bh=lYhlJUiZeJ71eAsBUsEU418h4Qd1oNkRZB8M5J6fuKI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oWsYmu43/mzoIsL8emvSpE0tL/wNIWeUyMh5FGeOYg6gq2byIWQfNXdUInenZXn07 rFFYBw40pY7F6GKWM8O4YXDxGnnBr8GPThj5NYkdQwR7C0XJriSKFZqEJm+uHJkVr/ 8g0j3R6kytcmv8dSv57y5o5QQHaqKmF6G2q2Ds2I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hongbo Li , Herbert Xu , Sasha Levin Subject: [PATCH 4.19 057/293] lib/mpi: use kcalloc in mpi_resize Date: Mon, 20 Sep 2021 18:40:19 +0200 Message-Id: <20210920163935.208923682@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210920163933.258815435@linuxfoundation.org> References: <20210920163933.258815435@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hongbo Li [ Upstream commit b6f756726e4dfe75be1883f6a0202dcecdc801ab ] We should set the additional space to 0 in mpi_resize(). So use kcalloc() instead of kmalloc_array(). In lib/mpi/ec.c: /**************** * Resize the array of A to NLIMBS. the additional space is cleared * (set to 0) [done by m_realloc()] */ int mpi_resize(MPI a, unsigned nlimbs) Like the comment of kernel's mpi_resize() said, the additional space need to be set to 0, but when a->d is not NULL, it does not set. The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt is _gcry_mpi_resize() which set the additional space to 0. This bug may cause mpi api which use mpi_resize() get wrong result under the condition of using the additional space without initiation. If this condition is not met, the bug would not be triggered. Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well, so the bug is not triggered in these cases. add_points_edwards() use the additional space directly, so it will get a wrong result. Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by: Hongbo Li Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin --- lib/mpi/mpiutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c index 20ed0f766787..00825028cc84 100644 --- a/lib/mpi/mpiutil.c +++ b/lib/mpi/mpiutil.c @@ -91,7 +91,7 @@ int mpi_resize(MPI a, unsigned nlimbs) return 0; /* no need to do it */ if (a->d) { - p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); + p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); if (!p) return -ENOMEM; memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t)); -- 2.30.2