Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6434053rwb; Mon, 12 Dec 2022 01:37:33 -0800 (PST) X-Google-Smtp-Source: AA0mqf5zpsVwzUhrKs6laUqcgCQmhwQjbCqVuTpLItA4Yhg9yB1pRtjFRwzSc/C96xzVi3tt6sRl X-Received: by 2002:a05:6a20:93a3:b0:ac:2424:e873 with SMTP id x35-20020a056a2093a300b000ac2424e873mr19904226pzh.17.1670837853599; Mon, 12 Dec 2022 01:37:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670837853; cv=none; d=google.com; s=arc-20160816; b=po6XzfQddzeAim/scaP2GCPoajVhXtwY8Y3ztu4Zo2ozPyLYWFhN6EoaTOANoghkSH kGuhKe5g5IsE7hjzr7dYMgEkH0v1OGJ3ejVqngJcuzv/9XG+HLpweQzJBGtpM/sOjSNM vyuzR4qLDeuxyGJACUGRPX7u69vLFOBqucL9wBpSV/6HFUYvNDxlK5yfLkhSjPGhYOAz 0lxX3giQeIGQWC2k9keIc+nb3JNWWv/oMmvv81yHAs3lxmOVcKJ/TRGkgvOaBZm91N77 cZGuLM/o4mll2/mtw3sG3ChVwH8e0qE7H/8oCmVfS6i2n3ybj0ASDKA1Y8/z5wGKv2ml +Klw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=mD3QQK56jRCCRmIrDn0G1UCxAF0Ybnoo9dTW5ZLFXxk=; b=sPEEtOkAg4xFv05caK/9ig6PPdsXH38zpdCJSggNg3mfGXdrV7o0ixx2AsQ7FUcF9k CrBdh46hKj50mebrSiM1d9V6oJpTi8LPKP06wIoYKdorS31pY0G8W1Q8UmbJFKCS2lFK 1P9HyXX9KAMEb7/Hd1SHLw2DPKqlgYiEBhz+yqZaxfwxkE6z2N4oVBbjq9oiBAke5gOU MvSetJUDSfHeCBEVqwRj/XjFoqX5ik7KWbShaPrwNkxK0mivlj4AjQOeYr8ti0epdhwT ER/gp+KYy2T/ojYYR3tOqNXgD9UIdReBNXz/Dz0SJNPpsbgDj+H7lMsqcMVNmSvQRnAX 7IGg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h192-20020a636cc9000000b0047959422029si867768pgc.395.2022.12.12.01.37.13; Mon, 12 Dec 2022 01:37:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231626AbiLLJQa (ORCPT + 99 others); Mon, 12 Dec 2022 04:16:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231858AbiLLJQC (ORCPT ); Mon, 12 Dec 2022 04:16:02 -0500 Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 584C2E0D1; Mon, 12 Dec 2022 01:15:55 -0800 (PST) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1p4eu7-006PYn-Dc; Mon, 12 Dec 2022 17:15:20 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Mon, 12 Dec 2022 17:15:19 +0800 Date: Mon, 12 Dec 2022 17:15:19 +0800 From: Herbert Xu To: Roberto Sassu Cc: Eric Biggers , dhowells@redhat.com, davem@davemloft.net, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Roberto Sassu , stable@vger.kernel.org Subject: Re: [PATCH v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() Message-ID: References: <20221209150633.1033556-1-roberto.sassu@huaweicloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Dec 12, 2022 at 10:07:38AM +0100, Roberto Sassu wrote: > > The problem is a misalignment between req->src_len (set to sig->s_size > by akcipher_request_set_crypt()) and the length of the scatterlist (if > we set the latter to sig->s_size + sig->digest_size). > > When rsa_enc() calls mpi_read_raw_from_sgl(), it passes req->src_len as > argument, and the latter allocates the MPI according to that. However, > it does parsing depending on the length of the scatterlist. > > If there are two scatterlists, it is not a problem, there is no > misalignment. mpi_read_raw_from_sgl() picks the first. If there is just > one, mpi_read_raw_from_sgl() parses all data there. Thanks for the explanation. That's definitely a bug which should be fixed either in the RSA code or in MPI. I'll look into it. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt