From: Martin Townsend Subject: Re: [PATCH] crypto: caam: Drop leading zero from input buffer Date: Sun, 15 Apr 2018 09:01:52 +0100 Message-ID: References: <1523739000-27093-1-git-send-email-festevam@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: herbert@gondor.apana.org.au, =?UTF-8?Q?Horia_Geant=C4=83?= , Aymen Sghaier , breno.lima@nxp.com, "Bryan O'Donoghue" , linux-crypto@vger.kernel.org, Fabio Estevam , stable@vger.kernel.org To: Fabio Estevam Return-path: In-Reply-To: <1523739000-27093-1-git-send-email-festevam@gmail.com> Sender: stable-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org Hi Fabio On Sat, Apr 14, 2018 at 9:50 PM, Fabio Estevam wrote: > From: Fabio Estevam > > imx6ul and imx7 report the following error: > > caam_jr 2142000.jr1: 40000789: DECO: desc idx 7: > Protocol Size Error - A protocol has seen an error in size. When > running RSA, pdb size N < (size of F) when no formatting is used; or > pdb size N < (F + 11) when formatting is used. > > ------------[ cut here ]------------ > WARNING: CPU: 0 PID: 1 at crypto/asymmetric_keys/public_key.c:148 > public_key_verify_signature+0x27c/0x2b0 > > This error happens because the signature contains 257 bytes, including > a leading zero as the first element. > > Fix the problem by striping off the leading zero from input data > before feeding it to the CAAM accelerator. > > Fixes: 8c419778ab57e497b5 ("crypto: caam - add support for RSA algorithm") > Cc: > Reported-by: Martin Townsend > Signed-off-by: Fabio Estevam > --- > drivers/crypto/caam/caampkc.c | 43 +++++++++++++++++++++++++++++++++++-------- > 1 file changed, 35 insertions(+), 8 deletions(-) > > diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c > index 7a897209..d2ad547 100644 > --- a/drivers/crypto/caam/caampkc.c > +++ b/drivers/crypto/caam/caampkc.c > @@ -166,6 +166,14 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err, > akcipher_request_complete(req, err); > } > > +static void caam_rsa_drop_leading_zeros(const u8 **ptr, size_t *nbytes) > +{ > + while (!**ptr && *nbytes) { > + (*ptr)++; > + (*nbytes)--; > + } > +} > + > static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req, > size_t desclen) > { > @@ -178,7 +186,34 @@ static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req, > int sgc; > int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes; > int src_nents, dst_nents; > + const u8 *buffer; > + size_t len; > + > + buffer = kzalloc(req->src_len, GFP_ATOMIC); > + if (!buffer) > + return ERR_PTR(-ENOMEM); > + > + sg_copy_to_buffer(req->src, sg_nents(req->src), > + (void *)buffer, req->src_len); > + len = req->src_len; > > + /* > + * Check if the buffer contains leading zero and if > + * it does, drop the leading zero > + */ > + if (buffer[0] == 0) { > + caam_rsa_drop_leading_zeros(&buffer, &len); > + if (!buffer) { This would free NULL, I would revert back to using a temp pointer instead of passing &buffer to caam_rsa_drop_leading_zeros. > + kfree(buffer); > + return ERR_PTR(-ENOMEM); > + } > + I would set req->src_len to len here and then we're covered if there are more than 1 leading zero. > + req->src_len -= 1; > + sg_copy_from_buffer(req->src, sg_nents(req->src), > + (void *)buffer, req->src_len); > + } > + If we have a leading zero buffer will now point to a different memory location than the one allocated, using temp as above should fix this. > + kfree(buffer); > src_nents = sg_nents_for_len(req->src, req->src_len); > dst_nents = sg_nents_for_len(req->dst, req->dst_len); > > @@ -683,14 +718,6 @@ static void caam_rsa_free_key(struct caam_rsa_key *key) > memset(key, 0, sizeof(*key)); > } > > -static void caam_rsa_drop_leading_zeros(const u8 **ptr, size_t *nbytes) > -{ > - while (!**ptr && *nbytes) { > - (*ptr)++; > - (*nbytes)--; > - } > -} > - > /** > * caam_read_rsa_crt - Used for reading dP, dQ, qInv CRT members. > * dP, dQ and qInv could decode to less than corresponding p, q length, as the > -- > 2.7.4 > Fixing these things I have tested the patch on my board and have not seen any issues yet and it has booted to the prompt and I've checked /sys/kernel/security/ima/ascii_runtime_measurements and can see all the files that have been measured. :) Cheers, Martin.