From: Lukas Wunner <lukas@wunner.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Stefan Berger <stefanb@linux.ibm.com>,
Vitaly Chikunov <vt@altlinux.org>
Cc: David Howells <dhowells@redhat.com>,
Ignat Korchagin <ignat@cloudflare.com>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org
Subject: [PATCH v2 3/4] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY
Date: Sun, 2 Feb 2025 20:00:53 +0100
Message-ID: <3d74d6134f4f87a90ebe0a37cb06c6ec144ceef7.1738521533.git.lukas@wunner.de>
In-Reply-To: <cover.1738521533.git.lukas@wunner.de>

KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as
max_enc_size and max_dec_size, even though such keys cannot be used for
encryption/decryption. They're exclusively for signature generation or
verification.

Only rsa keys with pkcs1 encoding can also be used for encryption or
decryption.

Return 0 instead for ecdsa keys (as well as ecrdsa keys).

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
crypto/asymmetric_keys/public_key.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index bf165d321440..dd44a966947f 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
ptr = pkey_pack_u32(ptr, pkey->paramlen);
memcpy(ptr, pkey->params, pkey->paramlen);
+ memset(info, 0, sizeof(*info));
+
if (issig) {
sig = crypto_alloc_sig(alg_name, 0, 0);
if (IS_ERR(sig)) {
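Review bot: The new memset(info, 0, sizeof(*info)) ahead of the issig branch is what actually produces the 0 values for ecdsa and ecrdsa, but nothing at that line says so. A one-line comment stating that fields not set below are deliberately reported as 0 (in particular max_enc_size and max_dec_size for signature-only keys) would keep a later cleanup from treating the memset as redundant and dropping it. It would also help to confirm that every error return after this point is fine with leaving info fully zeroed, since the struct is now cleared before crypto_alloc_sig() can fail.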
@@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params,
info->supported_ops |= KEYCTL_SUPPORTS_SIGN;
if (strcmp(params->encoding, "pkcs1") == 0) {
+ info->max_enc_size = len;
+ info->max_dec_size = len;
+
info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT;
if (pkey->key_is_private)
info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT;
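Review bot: In the pkcs1 branch, max_dec_size is set to len unconditionally, while KEYCTL_SUPPORTS_DECRYPT is only advertised under "if (pkey->key_is_private)". A public pkcs1 key will therefore still report a non-zero max_dec_size for an operation it does not support, which is the same kind of mismatch the commit message sets out to remove for ecdsa. Consider moving "info->max_dec_size = len;" under the key_is_private check, or say in the commit message why the size is reported regardless of whether the operation is available.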
@@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
len = crypto_akcipher_maxsize(tfm);
info->max_sig_size = len;
info->max_data_size = len;
+ info->max_enc_size = len;
+ info->max_dec_size = len;
info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;
if (pkey->key_is_private)
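Review bot: In this akcipher branch, supported_ops is initialised with "info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;", yet max_sig_size is still set to len two lines above the added assignments. If this path only ever advertises encrypt/decrypt, the reasoning applied to ecdsa (report 0 for operations the key cannot perform) suggests max_sig_size should be left at 0 here as well. If that is intentionally out of scope for this patch, a short remark in the commit message would make the asymmetry clear.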
@@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params,
}
info->key_size = len * 8;
- info->max_enc_size = len;
- info->max_dec_size = len;
ret = 0;
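Review bot: Dropping the unconditional "info->max_enc_size = len;" and "info->max_dec_size = len;" after the branches changes the values returned to userspace for every signature key whose encoding is not "pkcs1", not only for ecdsa and ecrdsa as named in the commit message. Userspace that sized buffers from these fields without checking supported_ops will now see 0. Please state the full set of affected key types in the commit message and note the user-visible change, ideally with a matching update to the KEYCTL_PKEY_QUERY documentation so callers know to consult supported_ops first.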
--
2.43.0
Thread overview: 22+ messages
2025-02-02 19:00 [PATCH v2 0/4] ecdsa KEYCTL_PKEY_QUERY fixes Lukas Wunner
2025-02-02 19:00 ` [PATCH v2 1/4] crypto: sig - Prepare for algorithms with variable signature size Lukas Wunner
2025-02-02 19:00 ` [PATCH v2 2/4] crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Lukas Wunner
2025-02-03 5:11 ` Lukas Wunner
2025-02-02 19:00 ` Lukas Wunner [this message]
2025-02-09 9:58 ` [PATCH v2 3/4] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Herbert Xu
2025-02-09 11:29 ` Lukas Wunner
2025-02-09 13:16 ` Ignat Korchagin
2025-02-10 7:54 ` Herbert Xu
2025-02-10 18:53 ` Lukas Wunner
2025-02-10 20:29 ` Lukas Wunner
2025-02-11 9:16 ` Herbert Xu
2025-02-16 4:19 ` Herbert Xu
2025-02-16 10:45 ` Lukas Wunner
2025-03-02 7:47 ` Herbert Xu
2025-03-02 9:25 ` Lukas Wunner
2025-03-02 10:11 ` Herbert Xu
2025-03-15 14:37 ` Lukas Wunner
2025-03-17 9:37 ` Herbert Xu
2025-03-17 9:40 ` Herbert Xu
2025-02-02 19:00 ` [PATCH v2 4/4] crypto: ecdsa - Fix NIST P521 key " Lukas Wunner
2025-02-09 10:25 ` [PATCH v2 0/4] ecdsa KEYCTL_PKEY_QUERY fixes Herbert Xu