Patch "crypto: sm2 - Fix crash caused by uninitialized context" has been added to the 6.5-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 04 Oct 2023 17:47:24 +0200

This is a note to let you know that I've just added the patch titled

    crypto: sm2 - Fix crash caused by uninitialized context

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-sm2-fix-crash-caused-by-uninitialized-context.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 21155620fbf2edbb071144894ff9d67ba9a1faa0 Mon Sep 17 00:00:00 2001
From: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
Date: Mon, 18 Sep 2023 16:38:50 +0800
Subject: crypto: sm2 - Fix crash caused by uninitialized context

From: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>

commit 21155620fbf2edbb071144894ff9d67ba9a1faa0 upstream.

In sm2_compute_z_digest() function, the newly allocated structure
mpi_ec_ctx is used, but forget to initialize it, which will cause
a crash when performing subsequent operations.

Fixes: e5221fa6a355 ("KEYS: asymmetric: Move sm2 code into x509_public_key")
Cc: stable@xxxxxxxxxxxxxxx # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 crypto/sm2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/sm2.c b/crypto/sm2.c
index 285b3cb7c0bc..5ab120d74c59 100644
--- a/crypto/sm2.c
+++ b/crypto/sm2.c
@@ -278,10 +278,14 @@ int sm2_compute_z_digest(struct shash_desc *desc,
 	if (!ec)
 		return -ENOMEM;
 
-	err = __sm2_set_pub_key(ec, key, keylen);
+	err = sm2_ec_ctx_init(ec);
 	if (err)
 		goto out_free_ec;
 
+	err = __sm2_set_pub_key(ec, key, keylen);
+	if (err)
+		goto out_deinit_ec;
+
 	bits_len = SM2_DEFAULT_USERID_LEN * 8;
 	entl[0] = bits_len >> 8;
 	entl[1] = bits_len & 0xff;
-- 
2.42.0



Patches currently in stable-queue which might be from tianjia.zhang@xxxxxxxxxxxxxxxxx are

queue-6.5/crypto-sm2-fix-crash-caused-by-uninitialized-context.patch






