Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp6034960rdb;
        Mon, 18 Sep 2023 01:50:33 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGp/gIYgW5CTALa4L/5jd5NdlqLaRCmeHfxgutVDSEcNv3d+ncTHaXFum3tKFKJqZW85amP
X-Received: by 2002:a05:6a20:8f02:b0:15a:2d98:bc81 with SMTP id b2-20020a056a208f0200b0015a2d98bc81mr8692903pzk.53.1695027033517;
        Mon, 18 Sep 2023 01:50:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695027033; cv=none;
        d=google.com; s=arc-20160816;
        b=Z3N2DjmoSvLjq7TVrOihBJGn1iSFyU4ZPe01QIkdUvs8OCbnDhtokwk0h8RsNBNzBn
         kBCsbUD29M32Opb1KXiamTc4UhMH/RfHDGpQ9ArS5Z1UqMeQle24gPGMoSyOelhtgp9j
         76liTgXAlPInRTSqEATthA853VVXfHNd3GrkuZB8DA6KNqE2J7Jz9PK6fF7u9PesraCT
         zRfg5OXa9mJn7VyNWc8+UOh6CBrCTw/5AVGn1oMbpblXQBeFOrhM/BoPUkTU+3wBY285
         nxytYX5D0Sjh+psTixBVlLorSEb9HTCOimI+mQIT0qw5kFC2Y0QKmO4COH/yH3g75MGU
         i+6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=OnIZxyPhx+Q9IMy+ffILYTD7o0NuA0ZbSu2HfEBe/ME=;
        fh=sDRasRhGWwQ13l32RXL4NlzsmlGGoxnRPSVoH6RXISQ=;
        b=LlesBjejQBp0OOjtnAUKXewrMBDPIMfkWqBFniHmmP6+4uqAvmiuhphf+oDHh7+bKc
         2systKGoaFHTlPm9lNY7hzqE8tm3MOxGvqDXSgP5NG3SNeUYie0OdNg+keKo7UbjirlM
         ZQsbS9mDLwMmwAtkaEi/bbCHy85VE6KfdQJRGk4gqXy07jxLvnYbMz0jtJ4b7gHthnU9
         6IDKU5Wx86KoWdX4JmWJBkBQoFBNRAG+JqGRIhKSQh7YSE+yYv3fkUiILGgmTUn4RpSS
         LoQTFq4ZtZRjNXb3BabJOpSQ856GmOsHkKLR093SBYeuJPX7pj4VF0gkbTBhwfaqL73u
         y1bQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id o10-20020a056a001bca00b00666c9148d03si7650109pfw.6.2023.09.18.01.50.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Sep 2023 01:50:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id 81720833CE14;
	Mon, 18 Sep 2023 01:39:40 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236276AbjIRIjN (ORCPT <rfc822;berger.sven@gmail.com>
        + 99 others); Mon, 18 Sep 2023 04:39:13 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40072 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240816AbjIRIjF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Sep 2023 04:39:05 -0400
Received: from out30-132.freemail.mail.aliyun.com (out30-132.freemail.mail.aliyun.com [115.124.30.132])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3F36AA;
        Mon, 18 Sep 2023 01:38:58 -0700 (PDT)
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R111e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045192;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=5;SR=0;TI=SMTPD_---0VsJFDGY_1695026333;
Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0VsJFDGY_1695026333)
          by smtp.aliyun-inc.com;
          Mon, 18 Sep 2023 16:38:55 +0800
From:   Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Subject: [PATCH] crypto: sm2 - Fix crash caused by uninitialized context
Date:   Mon, 18 Sep 2023 16:38:50 +0800
Message-Id: <20230918083850.84562-1-tianjia.zhang@linux.alibaba.com>
X-Mailer: git-send-email 2.24.3 (Apple Git-128)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,
        UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 18 Sep 2023 01:39:40 -0700 (PDT)

In sm2_compute_z_digest() function, the newly allocated structure
mpi_ec_ctx is used, but forget to initialize it, which will cause
a crash when performing subsequent operations.

Fixes: e5221fa6a355 ("KEYS: asymmetric: Move sm2 code into x509_public_key")
Cc: stable@vger.kernel.org # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 crypto/sm2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/sm2.c b/crypto/sm2.c
index 285b3cb7c0bc..5ab120d74c59 100644
--- a/crypto/sm2.c
+++ b/crypto/sm2.c
@@ -278,10 +278,14 @@ int sm2_compute_z_digest(struct shash_desc *desc,
 	if (!ec)
 		return -ENOMEM;
 
-	err = __sm2_set_pub_key(ec, key, keylen);
+	err = sm2_ec_ctx_init(ec);
 	if (err)
 		goto out_free_ec;
 
+	err = __sm2_set_pub_key(ec, key, keylen);
+	if (err)
+		goto out_deinit_ec;
+
 	bits_len = SM2_DEFAULT_USERID_LEN * 8;
 	entl[0] = bits_len >> 8;
 	entl[1] = bits_len & 0xff;
-- 
2.24.3 (Apple Git-128)