| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Dec 2022 17:15:19 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: Eric Biggers <ebiggers@...nel.org>, dhowells@...hat.com,
davem@...emloft.net, zohar@...ux.ibm.com,
dmitry.kasatkin@...il.com, paul@...l-moore.com, jmorris@...ei.org,
serge@...lyn.com, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
Roberto Sassu <roberto.sassu@...wei.com>,
stable@...r.kernel.org
Subject: Re: [PATCH v2] KEYS: asymmetric: Copy sig and digest in
public_key_verify_signature()
On Mon, Dec 12, 2022 at 10:07:38AM +0100, Roberto Sassu wrote:
>
> The problem is a misalignment between req->src_len (set to sig->s_size
> by akcipher_request_set_crypt()) and the length of the scatterlist (if
> we set the latter to sig->s_size + sig->digest_size).
>
> When rsa_enc() calls mpi_read_raw_from_sgl(), it passes req->src_len as
> argument, and the latter allocates the MPI according to that. However,
> it does parsing depending on the length of the scatterlist.
>
> If there are two scatterlists, it is not a problem, there is no
> misalignment. mpi_read_raw_from_sgl() picks the first. If there is just
> one, mpi_read_raw_from_sgl() parses all data there.
Thanks for the explanation. That's definitely a bug which should
be fixed either in the RSA code or in MPI.
I'll look into it.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists