AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
f38c318068
kernel_optimize_test/crypto
History
Eric Biggers f38c318068 crypto: rsa-pkcs1pad - correctly get hash from source scatterlist 
commit e316f7179be22912281ce6331d96d7c121fb2b17 upstream.

Commit c7381b0128 ("crypto: akcipher - new verify API for public key
algorithms") changed akcipher_alg::verify to take in both the signature
and the actual hash and do the signature verification, rather than just
return the hash expected by the signature as was the case before.  To do
this, it implemented a hack where the signature and hash are
concatenated with each other in one scatterlist.

Obviously, for this to work correctly, akcipher_alg::verify needs to
correctly extract the two items from the scatterlist it is given.
Unfortunately, it doesn't correctly extract the hash in the case where
the signature is longer than the RSA key size, as it assumes that the
signature's length is equal to the RSA key size.  This causes a prefix
of the hash, or even the entire hash, to be taken from the *signature*.

(Note, the case of a signature longer than the RSA key size should not
be allowed in the first place; a separate patch will fix that.)

It is unclear whether the resulting scheme has any useful security
properties.

Fix this by correctly extracting the hash from the scatterlist.

Fixes: c7381b0128 ("crypto: akcipher - new verify API for public key algorithms")
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-08 14:39:57 +02:00
..
asymmetric_keys X.509: Fix crash caused by NULL pointer 2021-01-23 16:03:58 +01:00
async_tx async_xor: check src_offs is not NULL before updating it 2021-06-16 12:01:40 +02:00
842.c
acompress.c
adiantum.c
aead.c
aegis.h
aegis128-core.c
aegis128-neon-inner.c
aegis128-neon.c
aes_generic.c
aes_ti.c
af_alg.c
ahash.c
akcipher.c
algapi.c crypto: api - Move cryptomgr soft dependency into algapi 2022-02-11 09:09:03 +01:00
algboss.c
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c
anubis.c
api.c crypto: api - Move cryptomgr soft dependency into algapi 2022-02-11 09:09:03 +01:00
arc4.c
authenc.c
authencesn.c
blake2b_generic.c
blake2s_generic.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast_common.c
cast5_generic.c
cast6_generic.c
cbc.c
ccm.c
cfb.c
chacha_generic.c
chacha20poly1305.c
cipher.c
cmac.c
compress.c
crc32_generic.c
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c
cts.c
curve25519-generic.c
deflate.c
des_generic.c
dh_helper.c
dh.c
drbg.c
ecb.c
ecc_curve_defs.h
ecc.c
ecc.h
ecdh_helper.c crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() 2021-03-04 11:37:49 +01:00
ecdh.c
echainiv.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c
essiv.c
fcrypt.c
fips.c
gcm.c
geniv.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c crypto: jitter - consider 32 LSB for APT 2022-01-27 10:54:12 +01:00
jitterentropy.h
Kconfig crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency 2021-11-18 14:04:05 +01:00
keywrap.c
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile
md4.c
md5.c
memneq.c
michael_mic.c crypto: michael_mic - fix broken misalignment handling 2021-03-04 11:38:31 +01:00
nhpoly1305.c
ofb.c
pcbc.c
pcrypt.c crypto: pcrypt - Delay write to padata->info 2021-11-18 14:04:12 +01:00
poly1305_generic.c
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-05-11 14:47:35 +02:00
rsa_helper.c
rsa-pkcs1pad.c crypto: rsa-pkcs1pad - correctly get hash from source scatterlist 2022-04-08 14:39:57 +02:00
rsa.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:55:54 +02:00
simd.c
skcipher.c
sm2.c crypto: sm2 - fix a memory leak in sm2 2021-07-14 16:56:06 +02:00
sm2signature.asn1
sm3_generic.c
sm4_generic.c
streebog_generic.c
tcrypt.c crypto: tcrypt - avoid signed overflow in byte count 2021-03-07 12:34:11 +01:00
tcrypt.h
tea.c
testmgr.c
testmgr.h
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c crypto: xor - Fix divide error in do_xor_speed() 2021-01-27 11:54:52 +01:00
xts.c
xxhash_generic.c
zstd.c