On Sat, Jun 03, 2023 at 12:41:00PM +0200, Roberto Sassu wrote: > On 6/3/2023 2:02 AM, Linus Torvalds wrote: > > On Fri, Jun 2, 2023 at 1:38 PM Linus Torvalds > > <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > > > > > The patch re-uses the allocation it already does for the key data, and > > > it seems sane. > > > > Ugh. I had to check that it was ok to re-use the key buffer, but it > > does seem to be the case that you can just re-use the buffer after > > you've done that crypto_akcipher_set_priv/pub_key() call, and the > > crypto layer has to copy it into its own data structures. > > Yes, we could not do it if the set_pub_key/set_priv_key methods use > internally the passed pointer. I guess it depends on the methods, for RSA > and ECDSA it seems fine (they copy to a different location). > > The doubt comes because the buffer is freed after crypto_wait_req() and not > after crypto_akcipher_set_*_key(), suggesting that it could be actually used > during the crypto operation. > > Rechecked the thread, and the suggestion to reuse the buffer and not append > the signature and digest at the end was by Eric Biggers. > > Eric, in light of this finding, should we still reuse the buffer? > I don't think there was any "finding" here. The setkey methods in the crypto API aren't allowed to reuse the buffer they are passed, so the patch is fine. - Eric
