Embedding the akcipher_request in pkcs1pad_request don't take
into account the context space required by the akcipher object.
This result in memory corruption (and kernel panic) as the
akcipher object will overwrite anything after akcipher_request
structure.
Fix it by dinamically allocating the structure with akcipher_request_alloc.
Software akcipher implementation is working only because it is
synchronous and it does not use a request context.
Signed-off-by: Salvatore Benedetto <[email protected]>
---
crypto/rsa-pkcs1pad.c | 75 ++++++++++++++++++++++++++++++++++-----------------
1 file changed, 51 insertions(+), 24 deletions(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 880d3db..d663ab6 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -101,7 +101,7 @@ struct pkcs1pad_inst_ctx {
};
struct pkcs1pad_request {
- struct akcipher_request child_req;
+ struct akcipher_request *child_req;
struct scatterlist in_sg[2], out_sg[1];
uint8_t *in_buf, *out_buf;
@@ -192,7 +192,7 @@ static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
if (err)
goto out;
- len = req_ctx->child_req.dst_len;
+ len = req_ctx->child_req->dst_len;
pad_len = ctx->key_size - len;
/* Four billion to one */
@@ -215,6 +215,7 @@ out:
req->dst_len = ctx->key_size;
kfree(req_ctx->in_buf);
+ akcipher_request_free(req_ctx->child_req);
return err;
}
@@ -277,15 +278,21 @@ static int pkcs1pad_encrypt(struct akcipher_request *req)
pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
ctx->key_size, NULL);
- akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
- akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
+ req_ctx->child_req = akcipher_request_alloc(ctx->child, GFP_KERNEL);
+ if (!req_ctx->child_req) {
+ kfree(req_ctx->out_buf);
+ kfree(req_ctx->in_buf);
+ return -ENOMEM;
+ }
+ akcipher_request_set_tfm(req_ctx->child_req, ctx->child);
+ akcipher_request_set_callback(req_ctx->child_req, req->base.flags,
pkcs1pad_encrypt_sign_complete_cb, req);
/* Reuse output buffer */
- akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
+ akcipher_request_set_crypt(req_ctx->child_req, req_ctx->in_sg,
req->dst, ctx->key_size - 1, req->dst_len);
- err = crypto_akcipher_encrypt(&req_ctx->child_req);
+ err = crypto_akcipher_encrypt(req_ctx->child_req);
if (err != -EINPROGRESS &&
(err != -EBUSY ||
!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
@@ -308,7 +315,7 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
if (err)
goto done;
- if (req_ctx->child_req.dst_len != ctx->key_size - 1) {
+ if (req_ctx->child_req->dst_len != ctx->key_size - 1) {
err = -EINVAL;
goto done;
}
@@ -317,18 +324,18 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
err = -EINVAL;
goto done;
}
- for (pos = 1; pos < req_ctx->child_req.dst_len; pos++)
+ for (pos = 1; pos < req_ctx->child_req->dst_len; pos++)
if (req_ctx->out_buf[pos] == 0x00)
break;
- if (pos < 9 || pos == req_ctx->child_req.dst_len) {
+ if (pos < 9 || pos == req_ctx->child_req->dst_len) {
err = -EINVAL;
goto done;
}
pos++;
- if (req->dst_len < req_ctx->child_req.dst_len - pos)
+ if (req->dst_len < req_ctx->child_req->dst_len - pos)
err = -EOVERFLOW;
- req->dst_len = req_ctx->child_req.dst_len - pos;
+ req->dst_len = req_ctx->child_req->dst_len - pos;
if (!err)
sg_copy_from_buffer(req->dst,
@@ -337,6 +344,7 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
done:
kzfree(req_ctx->out_buf);
+ akcipher_request_free(req_ctx->child_req);
return err;
}
@@ -373,16 +381,22 @@ static int pkcs1pad_decrypt(struct akcipher_request *req)
pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
ctx->key_size, NULL);
- akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
- akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
+ req_ctx->child_req = akcipher_request_alloc(ctx->child, GFP_KERNEL);
+ if (!req_ctx->child_req) {
+ kfree(req_ctx->out_buf);
+ return -ENOMEM;
+ }
+
+ akcipher_request_set_tfm(req_ctx->child_req, ctx->child);
+ akcipher_request_set_callback(req_ctx->child_req, req->base.flags,
pkcs1pad_decrypt_complete_cb, req);
/* Reuse input buffer, output to a new buffer */
- akcipher_request_set_crypt(&req_ctx->child_req, req->src,
+ akcipher_request_set_crypt(req_ctx->child_req, req->src,
req_ctx->out_sg, req->src_len,
ctx->key_size);
- err = crypto_akcipher_decrypt(&req_ctx->child_req);
+ err = crypto_akcipher_decrypt(req_ctx->child_req);
if (err != -EINPROGRESS &&
(err != -EBUSY ||
!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
@@ -420,6 +434,12 @@ static int pkcs1pad_sign(struct akcipher_request *req)
if (!req_ctx->in_buf)
return -ENOMEM;
+ req_ctx->child_req = akcipher_request_alloc(ctx->child, GFP_KERNEL);
+ if (!req_ctx->child_req) {
+ kfree(req_ctx->in_buf);
+ return -ENOMEM;
+ }
+
ps_end = ctx->key_size - digest_size - req->src_len - 2;
req_ctx->in_buf[0] = 0x01;
memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
@@ -431,15 +451,15 @@ static int pkcs1pad_sign(struct akcipher_request *req)
pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
ctx->key_size - 1 - req->src_len, req->src);
- akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
- akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
+ akcipher_request_set_tfm(req_ctx->child_req, ctx->child);
+ akcipher_request_set_callback(req_ctx->child_req, req->base.flags,
pkcs1pad_encrypt_sign_complete_cb, req);
/* Reuse output buffer */
- akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
+ akcipher_request_set_crypt(req_ctx->child_req, req_ctx->in_sg,
req->dst, ctx->key_size - 1, req->dst_len);
- err = crypto_akcipher_sign(&req_ctx->child_req);
+ err = crypto_akcipher_sign(req_ctx->child_req);
if (err != -EINPROGRESS &&
(err != -EBUSY ||
!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
@@ -464,7 +484,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
goto done;
err = -EINVAL;
- dst_len = req_ctx->child_req.dst_len;
+ dst_len = req_ctx->child_req->dst_len;
if (dst_len < ctx->key_size - 1)
goto done;
@@ -507,6 +527,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
out_buf + pos, req->dst_len);
done:
kzfree(req_ctx->out_buf);
+ akcipher_request_free(req_ctx->child_req);
return err;
}
@@ -551,16 +572,22 @@ static int pkcs1pad_verify(struct akcipher_request *req)
pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
ctx->key_size, NULL);
- akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
- akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
+ req_ctx->child_req = akcipher_request_alloc(ctx->child, GFP_KERNEL);
+ if (!req_ctx->child_req) {
+ kfree(req_ctx->out_buf);
+ return -ENOMEM;
+ }
+
+ akcipher_request_set_tfm(req_ctx->child_req, ctx->child);
+ akcipher_request_set_callback(req_ctx->child_req, req->base.flags,
pkcs1pad_verify_complete_cb, req);
/* Reuse input buffer, output to a new buffer */
- akcipher_request_set_crypt(&req_ctx->child_req, req->src,
+ akcipher_request_set_crypt(req_ctx->child_req, req->src,
req_ctx->out_sg, req->src_len,
ctx->key_size);
- err = crypto_akcipher_verify(&req_ctx->child_req);
+ err = crypto_akcipher_verify(req_ctx->child_req);
if (err != -EINPROGRESS &&
(err != -EBUSY ||
!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
--
2.7.4
Hi Salvatore,
On 07/14/2016 03:25 AM, Salvatore Benedetto wrote:
> Embedding the akcipher_request in pkcs1pad_request don't take
> into account the context space required by the akcipher object.
I think we do take into account the sub request context. See line 675.
The only thing that is wrong is that the child_req should be at
the end of the structure. This is build tested only.
---8<---
From: Tadeusz Struk <[email protected]>
Subject: [PATCH] crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
To allow for child request context the struct akcipher_request child_req
needs to be at the end of the structure.
Signed-off-by: Tadeusz Struk <[email protected]>
---
crypto/rsa-pkcs1pad.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 880d3db..877019a 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -101,10 +101,9 @@ struct pkcs1pad_inst_ctx {
};
struct pkcs1pad_request {
- struct akcipher_request child_req;
-
struct scatterlist in_sg[2], out_sg[1];
uint8_t *in_buf, *out_buf;
+ struct akcipher_request child_req;
};
static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
On Thu, Jul 14, 2016 at 08:39:18PM -0700, Tadeusz Struk wrote:
> Hi Salvatore,
> On 07/14/2016 03:25 AM, Salvatore Benedetto wrote:
> > Embedding the akcipher_request in pkcs1pad_request don't take
> > into account the context space required by the akcipher object.
>
> I think we do take into account the sub request context. See line 675.
> The only thing that is wrong is that the child_req should be at
> the end of the structure. This is build tested only.
>
> ---8<---
> From: Tadeusz Struk <[email protected]>
> Subject: [PATCH] crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
>
> To allow for child request context the struct akcipher_request child_req
> needs to be at the end of the structure.
>
> Signed-off-by: Tadeusz Struk <[email protected]>
Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt