Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp687178pxb;
        Tue, 5 Apr 2022 18:48:43 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx68GqgUuBWSis2uIymDzpe7CSJHuu89AR28T0fs4utzXB2Mvsbh7DkgZ8QPD8W8FlrAK4e
X-Received: by 2002:a63:6c4a:0:b0:398:604b:7263 with SMTP id h71-20020a636c4a000000b00398604b7263mr5185327pgc.545.1649209722880;
        Tue, 05 Apr 2022 18:48:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649209722; cv=none;
        d=google.com; s=arc-20160816;
        b=Hq966eAAc2wS5Ahv63w1FhCTHxPgyPlex8aJFrg+xEzUtQUUaPNpU4E2F5pfMniHEW
         C9+DcpGRwnuD+oXLNMoVCGlAVUx3xmncuMnv+5StqOeRiP7Kp74sdZlREd1psMBjjlRD
         ay0JnvhCnixc3y9m8l7nJI9edq5KleeeFql+oAt7BPViVw5DapdqdCzPdC4JfkgcsHWO
         scPmtenSkGNkRKrEaHt8e+8BB15w0XyLoGXaVLtrtrALSgPtTgCN6QwZ7Yx8Me4DYUOh
         hpeETuUMyZYMmP4eYYp6FT7nkQpPgGY69Q1EJ8ChHyEZiLMJ7+dlwulUZweeM33e7BP7
         GFCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=Uly24Jg6aYHAF+0dVc2bvye/3gb4d4KxhCTj/MEKDp0=;
        b=CXOJN0uNUehTeUayaXxxXNwahNo9w7WjkRG9qZjz9GPmvr7rtHIcib4bAbqSB+4ERg
         R5DA9tk3jHTVRHMzE78TgL/59jx68Q+leN7BQUCzRSWTeGord+El+FMJa2/mcbEWuI6L
         xJBXF/rz0figgKMbQqNLu+gdcmvkydA/0yQW1jhVutXK/zEXLQh4POugtrtq6Wu2iWTO
         4p7Ol1nOEbnvIq0530mDZo5bYLSJ1DD8iQaTcfFdVcOX7z2TKyRxt5DJeubD0s9fmesq
         EPrWW+1C0xNcST6vEMwgFkE+D2mHMyfte5p4Z2ato/MB8Eb2MxV1sUTJDdbK8RCXK774
         n7Yg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="yzKXE/qQ";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id p3-20020a056a000a0300b004fa86593770si9119020pfh.145.2022.04.05.18.48.27;
        Tue, 05 Apr 2022 18:48:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="yzKXE/qQ";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1388227AbiDEOmR (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Tue, 5 Apr 2022 10:42:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53164 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S244200AbiDEJlK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 05:41:10 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA4F4BB082;
        Tue,  5 Apr 2022 02:25:31 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 3E62761654;
        Tue,  5 Apr 2022 09:25:31 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 49E71C385A0;
        Tue,  5 Apr 2022 09:25:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649150730;
        bh=wxo5Qgm4ML6MQghSIyIPjrQXgvNxgJgLaqb67pNgPhk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=yzKXE/qQL5RODg5dmumMYGrPcaxCKO3QM6oW0kLbBhBRfsdVqI5YGBvWyU0f26utI
         4hxpMMINatI8WRr5x8B+Su4HZnAnUX1z9MMVK4pU0VBw0H8FxX9rQuKMbp0Pr9iOi+
         FyKhG6WVFAEHsNs1OKLp1Ebc8E7DyiAZ9RKXuSi4=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Tadeusz Struk <tadeusz.struk@linaro.org>,
        Vitaly Chikunov <vt@altlinux.org>,
        Eric Biggers <ebiggers@google.com>,
        Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 5.15 159/913] crypto: rsa-pkcs1pad - restore signature length check
Date:   Tue,  5 Apr 2022 09:20:21 +0200
Message-Id: <20220405070344.607892594@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070339.801210740@linuxfoundation.org>
References: <20220405070339.801210740@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Eric Biggers <ebiggers@google.com>

commit d3481accd974541e6a5d6a1fb588924a3519c36e upstream.

RSA PKCS#1 v1.5 signatures are required to be the same length as the RSA
key size.  RFC8017 specifically requires the verifier to check this
(https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2).

Commit a49de377e051 ("crypto: Add hash param to pkcs1pad") changed the
kernel to allow longer signatures, but didn't explain this part of the
change; it seems to be unrelated to the rest of the commit.

Revert this change, since it doesn't appear to be correct.

We can be pretty sure that no one is relying on overly-long signatures
(which would have to be front-padded with zeroes) being supported, given
that they would have been broken since commit c7381b012872
("crypto: akcipher - new verify API for public key algorithms").

Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad")
Cc: <stable@vger.kernel.org> # v4.6+
Cc: Tadeusz Struk <tadeusz.struk@linaro.org>
Suggested-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 crypto/rsa-pkcs1pad.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -538,7 +538,7 @@ static int pkcs1pad_verify(struct akciph
 
 	if (WARN_ON(req->dst) ||
 	    WARN_ON(!req->dst_len) ||
-	    !ctx->key_size || req->src_len < ctx->key_size)
+	    !ctx->key_size || req->src_len != ctx->key_size)
 		return -EINVAL;
 
 	req_ctx->out_buf = kmalloc(ctx->key_size + req->dst_len, GFP_KERNEL);