Re: [PATCH] KEYS: fix length validation in keyctl_pkey_params_get_2()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jan 15, 2022 at 11:53:34AM -0800, Eric Biggers wrote:
> On Sat, Jan 15, 2022 at 08:45:03PM +0200, Jarkko Sakkinen wrote:
> > On Thu, Jan 13, 2022 at 12:04:54PM -0800, Eric Biggers wrote:
> > > From: Eric Biggers <ebiggers@xxxxxxxxxx>
> > > 
> > > In many cases, keyctl_pkey_params_get_2() is validating the user buffer
> > > lengths against the wrong algorithm properties.  Fix it to check against
> > > the correct properties.
> > > 
> > > Probably this wasn't noticed before because for all asymmetric keys of
> > > the "public_key" subtype, max_data_size == max_sig_size == max_enc_size
> > > == max_dec_size.  However, this isn't necessarily true for the
> > > "asym_tpm" subtype (it should be, but it's not strictly validated).  Of
> > > course, future key types could have different values as well.
> > 
> > With a quick look, asym_tpm is TPM 1.x only, which only has 2048-bit RSA
> > keys.
> 
> The code allows other lengths, as well as the case where the "RSA key size"
> doesn't match the "public key size".  Probably both are bugs and they should
> both be 256 bytes (2048 bits) only.  Anyway, that would be a separate fix.
> 
> - Eric

I'm fine with the current commit message. E.g. I have no idea at this
point whether there should be in future separate asym_tpm2 or all bundled
to asym_tpm.

Acked-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>

BR, Jarkko



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux