Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp494427imn; Tue, 26 Jul 2022 01:08:53 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vrA7xTMKPm63iV2GQTLYvRD4y49BzbQN7rT4dhwxyPYMuPZkDHoC5NjehJPfOlN1jFOXDr X-Received: by 2002:a63:e5c:0:b0:416:8db:4f5f with SMTP id 28-20020a630e5c000000b0041608db4f5fmr13870082pgo.620.1658822933128; Tue, 26 Jul 2022 01:08:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658822933; cv=none; d=google.com; s=arc-20160816; b=SdZXvc0I+YzLY7gszKglP0YYEUIBeSnw6BgJNl95vdqNCdVLl/rGhL1wN9kguLMaTL Poc7WRg9sPtU5XyFNKqs1FfOty6Rora0H460RnhuXB7EfY0gwBMr0p7FZtbA4g34LNPj 5k4I9bwcKC6aiZQlm+829fJXRHj2StG7SKD7uZ7XEla55574zdjH/hpBw5Bw33MAFw7T JZWoCaolh1wq4bsCdUCx2F739WI1sgpU5ZEdmigrkBuS3zx391hHWzmgwpfLH5u+S9XV w/aCCmMRZmARWmB25XDDMDglINGQ7oRqOyIlXOi5XJFE2ih+miNAPOVTcTj2GP//VkGX 4eqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:to:from; bh=mrLRlz6t3enW4/OQNf17DAauvqsx0cNsENWUsEOKP0Q=; b=KIFlhOiOD8I8gv/z5xTiA6xHkw8j2j8U3i7CCOsGjQ64GL8AVPKRP41kKj0TSJlZgX QPkwFadGjEfe+QMe6BtN8s3TCaUZYxu9frSz9S5PuwzVbLfGoUllA+7lHwgd90CWwI+t paftdsSVKC0NOsB0YXNm5Q6yX0UG/QmIjS3SagoOeEysRUFcZh0FeEuHniECEEVVGr4n KIQMe+X12GkowvaDdQ9EGj/TVnOlgyFrxSZ3+W3fHp/SgLk5C6ed2/ayve874dXfAql0 vKlHTn61vm2+r9NtVfdlIESIfGf08Vp6aH1rHP9GLwN9bqa6RJ0GIYpjB3Dsg7/Gfdws rimw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u16-20020a170903125000b0016ca0533a62si21479288plh.306.2022.07.26.01.08.29; Tue, 26 Jul 2022 01:08:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238208AbiGZIBh (ORCPT + 99 others); Tue, 26 Jul 2022 04:01:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238136AbiGZIBg (ORCPT ); Tue, 26 Jul 2022 04:01:36 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E60882D1D5 for ; Tue, 26 Jul 2022 01:01:34 -0700 (PDT) Received: from dggpeml500023.china.huawei.com (unknown [172.30.72.54]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4LsTnD1GK9zjXX1; Tue, 26 Jul 2022 15:58:40 +0800 (CST) Received: from localhost.localdomain (10.175.101.6) by dggpeml500023.china.huawei.com (7.185.36.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 26 Jul 2022 16:01:19 +0800 From: Zhang Xiaoxu To: , , , , , , Subject: [PATCH -next] crypto: testmgr - fix oob read when test RSA vectors Date: Tue, 26 Jul 2022 17:00:21 +0800 Message-ID: <20220726090021.1529148-1-zhangxiaoxu5@huawei.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.101.6] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpeml500023.china.huawei.com (7.185.36.114) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The definition of key before coefficient should not add comma. Otherwise there will be OOB read happened as follow: BUG: KASAN: global-out-of-bounds in test_akcipher_one+0x1ae/0xb20 Read of size 607 at addr ffffffff99f95ac0 by task cryptomgr_test/198 CPU: 5 PID: 198 Comm: cryptomgr_test Not tainted 5.19.0-rc7-next-20220722-00002-g4628e935ed92-dirty #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: dump_stack_lvl+0x34/0x44 print_report.cold+0x59/0x682 kasan_report+0xa3/0x120 kasan_check_range+0x145/0x1a0 memcpy+0x20/0x60 test_akcipher_one+0x1ae/0xb20 alg_test_akcipher+0x94/0xb0 alg_test.part.0+0x467/0x510 cryptomgr_test+0x36/0x60 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Remove the comma before coefficient. Fixes: 79e6e2f3f3ff3 ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors") Signed-off-by: Zhang Xiaoxu --- crypto/testmgr.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index dee88510f58d..57da8c8b4574 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -273,7 +273,7 @@ static const struct akcipher_testvec rsa_tv_template[] = { "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D" - "\x02\x41", /* coefficient - integer of 65 bytes */ + "\x02\x41" /* coefficient - integer of 65 bytes */ "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" @@ -370,7 +370,7 @@ static const struct akcipher_testvec rsa_tv_template[] = { "\x6A\x37\x3B\x86\x6C\x51\x37\x5B\x1D\x79\xF2\xA3\x43\x10\xC6\xA7" "\x21\x79\x6D\xF9\xE9\x04\x6A\xE8\x32\xFF\xAE\xFD\x1C\x7B\x8C\x29" "\x13\xA3\x0C\xB2\xAD\xEC\x6C\x0F\x8D\x27\x12\x7B\x48\xB2\xDB\x31" - "\x02\x81\x81", /* coefficient - integer of 129 bytes */ + "\x02\x81\x81" /* coefficient - integer of 129 bytes */ "\x00\x8D\x1B\x05\xCA\x24\x1F\x0C\x53\x19\x52\x74\x63\x21\xFA\x78" "\x46\x79\xAF\x5C\xDE\x30\xA4\x6C\x20\x38\xE6\x97\x39\xB8\x7A\x70" "\x0D\x8B\x6C\x6D\x13\x74\xD5\x1C\xDE\xA9\xF4\x60\x37\xFE\x68\x77" -- 2.31.1