Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp50478pxb;
        Tue, 12 Jan 2021 19:44:32 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyF9El/Cn4szAqqcaAxzfZDVscqTy7j8FGze2eFG3dkVDrYYvHtz2VOb6DNLA1qkYDk4Pe9
X-Received: by 2002:a50:8b66:: with SMTP id l93mr177424edl.384.1610509472465;
        Tue, 12 Jan 2021 19:44:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610509472; cv=none;
        d=google.com; s=arc-20160816;
        b=zufbB+boU0WXL74mSVnXirj+AJAjhUEWxM1p8qKyA5H5/68RD5vaXCexy9R5y1e0n0
         7Mjf/R292a+Jgc7F1NHoayoCmwaPs85yQ/ZEwArkHYxNncDCnoWF5gZimgUDTcHu3L6b
         gdj2nt+jkuM9AD8WUKVqHJx3Fmo4cDJ6Zpe7bigJsilTjq62xyBm3qEs8jaG1l6vTLwk
         Ol1YnGbpF+eeucT1a6cKFAHQWSpkalvjW2x6LaTXVCY+QmPFTxRJ0xpkXis8X97G0KIZ
         Jwla3O17eMV/457TE7x6ywMG76apkdc1ZV4DsMPkb06Xsksf7Gd8/yHjE6DfFsy4Q0OV
         qSAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=3/i1G9WAeTihksVvinBe6+ziiNnXRGCVc30JoV5VhEY=;
        b=R3wGkdXPFM9iqIMXBg5N7skRdcdnKeV8S6E0afDibTJJ5m5CGfeHkiqhVSB5IXLX0h
         FeV4ACGJoA6cSAKyUUf1xMoTSO+rnmHBJBf39X0A7b9mGtF3q63VbVvzN3kI6jMmnnGl
         Ui2Fxh+muYNtWx4cCBynsO3S2RgYR+s9IWVfNAbxoYWbuRu/eOKPC1TjQryhZIIBJmQP
         Ai6/zmmP7HQ84xRs+VWtMFZco0x8ZOkzhbynu1c6lYZJhIrbwovww+L+PtLgu23LLerU
         aPT6W2DNwz+Bic06RtWajujlwyLsQeAFvqI6G5hQlHFfAI2XjDL5qXVe4qmfrvzGihyr
         PCzg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b14si407394edw.332.2021.01.12.19.44.13;
        Tue, 12 Jan 2021 19:44:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728766AbhAMDDZ (ORCPT <rfc822;beexploring@gmail.com>
        + 99 others); Tue, 12 Jan 2021 22:03:25 -0500
Received: from out30-57.freemail.mail.aliyun.com ([115.124.30.57]:58515 "EHLO
        out30-57.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726499AbhAMDDZ (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 12 Jan 2021 22:03:25 -0500
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R121e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04420;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=10;SR=0;TI=SMTPD_---0ULZk49v_1610506958;
Received: from B-455UMD6M-2027.local(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0ULZk49v_1610506958)
          by smtp.aliyun-inc.com(127.0.0.1);
          Wed, 13 Jan 2021 11:02:39 +0800
Subject: Re: [PATCH] X.509: Fix crash caused by NULL pointer
To:     David Howells <dhowells@redhat.com>
Cc:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Gilad Ben-Yossef <gilad@benyossef.com>,
        Tobias Markus <tobias@markus-regensburg.de>,
        Tee Hao Wei <angelsl@in04.sg>, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        stable@vger.kernel.org
References: <20210107092855.76093-1-tianjia.zhang@linux.alibaba.com>
 <772253.1610017082@warthog.procyon.org.uk>
From:   Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Message-ID: <8ff730e0-bf03-0fbf-41f6-8e06f8956929@linux.alibaba.com>
Date:   Wed, 13 Jan 2021 11:02:38 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <772253.1610017082@warthog.procyon.org.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org



On 1/7/21 6:58 PM, David Howells wrote:
> Tianjia Zhang <tianjia.zhang@linux.alibaba.com> wrote:
> 
>> On the following call path, `sig->pkey_algo` is not assigned
>> in asymmetric_key_verify_signature(), which causes runtime
>> crash in public_key_verify_signature().
>>
>>    keyctl_pkey_verify
>>      asymmetric_key_verify_signature
>>        verify_signature
>>          public_key_verify_signature
>>
>> This patch simply check this situation and fixes the crash
>> caused by NULL pointer.
>>
>> Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
>> Cc: stable@vger.kernel.org # v5.10+
>> Reported-by: Tobias Markus <tobias@markus-regensburg.de>
>> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> 
> Looks reasonable:
> 
> Acked-by: David Howells <dhowells@redhat.com>
> 
> I wonder, though, if cert_sig_digest_update() should be obtained by some sort
> of function pointer.  It doesn't really seem to belong in this file.  But this
> is a separate issue.
> 
> David
> 

Yes, this is indeed the logic of the SM2 module. I have tried to 
dynamically load and obtain the pointer of this function through 
`request_module` before, but this method still does not seem very 
suitable. Here are some unfinished codes I tried before:

https://github.com/uudiin/linux/commit/55bca48c6282415d94c53a7692622d544da99342

It would be great if you have some good experience to share with me, I 
will continue to try to optimize this code.

Best regards,
Tianjia