Bug in rsa-pkcs1pad in 6.1 and 5.15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is a missing backport in the stables 6.1.x and 5.15.x that
combined with a backported patch as a dependency in the QAT driver
causes a kernel crash at boot under certain conditions.

In 6.1/5.15, the function pkcs1pad_create() in rsa-pkcs1pad.c [1] sets the
reqsize of its akcipher_instance using the value in the akcipher_alg of
the selected akcipher implementation. This assumes that the reqsize
field has been set for the akcipher implementation when the akcipher_alg
has been instantiated. The reqsize field is then used to allocate to
allocate memory for pkcs1pad requests.

In commit 80e62ad58db0 ("crypto: qat - Use helper to set reqsize"), the
reqsize for the rsa implementation in the QAT driver is moved from being
set in the akcipher_alg to being set when the tfm is initialized. This
means that the implementation of rsa-pkcs1pad won’t allocate any space
for the akcipher request when using the QAT driver.

This issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not
set. When the crypto self-test is run, the correct value of the reqsize
is stored in the akcipher_alg in the qat driver by the first call to
akcipher_set_reqsize() and then when pkcs1pad_create() is executed, it
finds the correct value.

Options:
  1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
     reqsize") to both 6.1.x and 5.15.x trees.
  2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
     to set reqsize").
     In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
     In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7

Option #1 is preferred as the same problem might be impacting other
akcipher implementations besides QAT. Option #2 is just specific to the
QAT driver.

@Herbert, can you have a quick look in case I missed something? I tried
both options in 6.1.51 and they appear to resolve the problem.

Thanks,

[1] https://elixir.bootlin.com/linux/v6.1.51/source/crypto/rsa-pkcs1pad.c#L673

-- 
Giovanni



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux