* [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes
@ 2025-04-07 19:32 Lukas Wunner
2025-04-07 19:32 ` [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Lukas Wunner
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Lukas Wunner @ 2025-04-07 19:32 UTC (permalink / raw)
To: Herbert Xu, David S. Miller
Cc: David Howells, Ignat Korchagin, Stefan Berger, Vitaly Chikunov,
linux-crypto, keyrings
Here are two patches for ecdsa to avoid reporting nonsensical values
for enc/dec size and -- for P521 keys -- also the key size in response
to KEYCTL_PKEY_QUERY system calls.
Resending as requested by Herbert:
https://lore.kernel.org/r/Z9fuCTAAOphOvEeH@gondor.apana.org.au/
Link to the original submission:
https://lore.kernel.org/r/cover.1738521533.git.lukas@wunner.de/
Although these are technically fixes, the issues they address are
not critical, so I recommend not applying as fixes for v6.15,
but rather let the patches soak in linux-next for v6.16.
Lukas Wunner (2):
crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY
crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY
crypto/asymmetric_keys/public_key.c | 13 +++++++++----
crypto/ecdsa-p1363.c | 6 ++++--
crypto/ecdsa-x962.c | 5 +++--
crypto/ecdsa.c | 2 +-
crypto/ecrdsa.c | 2 +-
crypto/rsassa-pkcs1.c | 2 +-
crypto/sig.c | 9 +++++++--
include/crypto/sig.h | 2 +-
8 files changed, 27 insertions(+), 14 deletions(-)
--
2.43.0
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY 2025-04-07 19:32 [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Lukas Wunner @ 2025-04-07 19:32 ` Lukas Wunner 2025-04-11 19:54 ` Ignat Korchagin 2025-04-07 19:32 ` [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key " Lukas Wunner 2025-04-16 7:56 ` [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Herbert Xu 2 siblings, 1 reply; 6+ messages in thread From: Lukas Wunner @ 2025-04-07 19:32 UTC (permalink / raw) To: Herbert Xu, David S. Miller Cc: David Howells, Ignat Korchagin, Stefan Berger, Vitaly Chikunov, linux-crypto, keyrings KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as max_enc_size and max_dec_size, even though such keys cannot be used for encryption/decryption. They're exclusively for signature generation or verification. Only rsa keys with pkcs1 encoding can also be used for encryption or decryption. Return 0 instead for ecdsa keys (as well as ecrdsa keys). Signed-off-by: Lukas Wunner <lukas@wunner.de> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> --- crypto/asymmetric_keys/public_key.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index bf165d3..dd44a96 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params, ptr = pkey_pack_u32(ptr, pkey->paramlen); memcpy(ptr, pkey->params, pkey->paramlen); + memset(info, 0, sizeof(*info)); + if (issig) { sig = crypto_alloc_sig(alg_name, 0, 0); if (IS_ERR(sig)) { @@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params, info->supported_ops |= KEYCTL_SUPPORTS_SIGN; if (strcmp(params->encoding, "pkcs1") == 0) { + info->max_enc_size = len; + info->max_dec_size = len; + info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT; if (pkey->key_is_private) info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; @@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params, len = crypto_akcipher_maxsize(tfm); info->max_sig_size = len; info->max_data_size = len; + info->max_enc_size = len; + info->max_dec_size = len; info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT; if (pkey->key_is_private) @@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params, } info->key_size = len * 8; - info->max_enc_size = len; - info->max_dec_size = len; ret = 0; -- 2.43.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY 2025-04-07 19:32 ` [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Lukas Wunner @ 2025-04-11 19:54 ` Ignat Korchagin 0 siblings, 0 replies; 6+ messages in thread From: Ignat Korchagin @ 2025-04-11 19:54 UTC (permalink / raw) To: Lukas Wunner Cc: Herbert Xu, David S. Miller, David Howells, Stefan Berger, Vitaly Chikunov, linux-crypto, keyrings On Mon, Apr 7, 2025 at 8:42 PM Lukas Wunner <lukas@wunner.de> wrote: > > KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as > max_enc_size and max_dec_size, even though such keys cannot be used for > encryption/decryption. They're exclusively for signature generation or > verification. > > Only rsa keys with pkcs1 encoding can also be used for encryption or > decryption. > > Return 0 instead for ecdsa keys (as well as ecrdsa keys). > > Signed-off-by: Lukas Wunner <lukas@wunner.de> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Ignat Korchagin <ignat@cloudflare.com> > --- > crypto/asymmetric_keys/public_key.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index bf165d3..dd44a96 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params, > ptr = pkey_pack_u32(ptr, pkey->paramlen); > memcpy(ptr, pkey->params, pkey->paramlen); > > + memset(info, 0, sizeof(*info)); > + > if (issig) { > sig = crypto_alloc_sig(alg_name, 0, 0); > if (IS_ERR(sig)) { > @@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params, > info->supported_ops |= KEYCTL_SUPPORTS_SIGN; > > if (strcmp(params->encoding, "pkcs1") == 0) { > + info->max_enc_size = len; > + info->max_dec_size = len; > + > info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT; > if (pkey->key_is_private) > info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; > @@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params, > len = crypto_akcipher_maxsize(tfm); > info->max_sig_size = len; > info->max_data_size = len; > + info->max_enc_size = len; > + info->max_dec_size = len; > > info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT; > if (pkey->key_is_private) > @@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params, > } > > info->key_size = len * 8; > - info->max_enc_size = len; > - info->max_dec_size = len; > > ret = 0; > > -- > 2.43.0 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-07 19:32 [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Lukas Wunner 2025-04-07 19:32 ` [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Lukas Wunner @ 2025-04-07 19:32 ` Lukas Wunner 2025-04-11 20:00 ` Ignat Korchagin 2025-04-16 7:56 ` [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Herbert Xu 2 siblings, 1 reply; 6+ messages in thread From: Lukas Wunner @ 2025-04-07 19:32 UTC (permalink / raw) To: Herbert Xu, David S. Miller Cc: David Howells, Ignat Korchagin, Stefan Berger, Vitaly Chikunov, linux-crypto, keyrings When user space issues a KEYCTL_PKEY_QUERY system call for a NIST P521 key, the key_size is incorrectly reported as 528 bits instead of 521. That's because the key size obtained through crypto_sig_keysize() is in bytes and software_key_query() multiplies by 8 to yield the size in bits. The underlying assumption is that the key size is always a multiple of 8. With the recent addition of NIST P521, that's no longer the case. Fix by returning the key_size in bits from crypto_sig_keysize() and adjusting the calculations in software_key_query(). The ->key_size() callbacks of sig_alg algorithms now return the size in bits, whereas the ->digest_size() and ->max_size() callbacks return the size in bytes. This matches with the units in struct keyctl_pkey_query. Fixes: a7d45ba77d3d ("crypto: ecdsa - Register NIST P521 and extend test suite") Signed-off-by: Lukas Wunner <lukas@wunner.de> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> --- crypto/asymmetric_keys/public_key.c | 8 ++++---- crypto/ecdsa-p1363.c | 6 ++++-- crypto/ecdsa-x962.c | 5 +++-- crypto/ecdsa.c | 2 +- crypto/ecrdsa.c | 2 +- crypto/rsassa-pkcs1.c | 2 +- crypto/sig.c | 9 +++++++-- include/crypto/sig.h | 2 +- 8 files changed, 22 insertions(+), 14 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index dd44a96..89dc887 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -205,6 +205,7 @@ static int software_key_query(const struct kernel_pkey_params *params, goto error_free_tfm; len = crypto_sig_keysize(sig); + info->key_size = len; info->max_sig_size = crypto_sig_maxsize(sig); info->max_data_size = crypto_sig_digestsize(sig); @@ -213,8 +214,8 @@ static int software_key_query(const struct kernel_pkey_params *params, info->supported_ops |= KEYCTL_SUPPORTS_SIGN; if (strcmp(params->encoding, "pkcs1") == 0) { - info->max_enc_size = len; - info->max_dec_size = len; + info->max_enc_size = len / BITS_PER_BYTE; + info->max_dec_size = len / BITS_PER_BYTE; info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT; if (pkey->key_is_private) @@ -235,6 +236,7 @@ static int software_key_query(const struct kernel_pkey_params *params, goto error_free_tfm; len = crypto_akcipher_maxsize(tfm); + info->key_size = len * BITS_PER_BYTE; info->max_sig_size = len; info->max_data_size = len; info->max_enc_size = len; @@ -245,8 +247,6 @@ static int software_key_query(const struct kernel_pkey_params *params, info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; } - info->key_size = len * 8; - ret = 0; error_free_tfm: diff --git a/crypto/ecdsa-p1363.c b/crypto/ecdsa-p1363.c index 4454f1f..e0c55c6 100644 --- a/crypto/ecdsa-p1363.c +++ b/crypto/ecdsa-p1363.c @@ -21,7 +21,8 @@ static int ecdsa_p1363_verify(struct crypto_sig *tfm, const void *digest, unsigned int dlen) { struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); - unsigned int keylen = crypto_sig_keysize(ctx->child); + unsigned int keylen = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), + BITS_PER_BYTE); unsigned int ndigits = DIV_ROUND_UP_POW2(keylen, sizeof(u64)); struct ecdsa_raw_sig sig; @@ -45,7 +46,8 @@ static unsigned int ecdsa_p1363_max_size(struct crypto_sig *tfm) { struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); - return 2 * crypto_sig_keysize(ctx->child); + return 2 * DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), + BITS_PER_BYTE); } static unsigned int ecdsa_p1363_digest_size(struct crypto_sig *tfm) diff --git a/crypto/ecdsa-x962.c b/crypto/ecdsa-x962.c index 90a04f4..ee71594 100644 --- a/crypto/ecdsa-x962.c +++ b/crypto/ecdsa-x962.c @@ -82,7 +82,7 @@ static int ecdsa_x962_verify(struct crypto_sig *tfm, int err; sig_ctx.ndigits = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), - sizeof(u64)); + sizeof(u64) * BITS_PER_BYTE); err = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, src, slen); if (err < 0) @@ -103,7 +103,8 @@ static unsigned int ecdsa_x962_max_size(struct crypto_sig *tfm) { struct ecdsa_x962_ctx *ctx = crypto_sig_ctx(tfm); struct sig_alg *alg = crypto_sig_alg(ctx->child); - int slen = crypto_sig_keysize(ctx->child); + int slen = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), + BITS_PER_BYTE); /* * Verify takes ECDSA-Sig-Value (described in RFC 5480) as input, diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 117526d..a70b60a 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -167,7 +167,7 @@ static unsigned int ecdsa_key_size(struct crypto_sig *tfm) { struct ecc_ctx *ctx = crypto_sig_ctx(tfm); - return DIV_ROUND_UP(ctx->curve->nbits, 8); + return ctx->curve->nbits; } static unsigned int ecdsa_digest_size(struct crypto_sig *tfm) diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c index b3dd8a3..2c0602f 100644 --- a/crypto/ecrdsa.c +++ b/crypto/ecrdsa.c @@ -249,7 +249,7 @@ static unsigned int ecrdsa_key_size(struct crypto_sig *tfm) * Verify doesn't need any output, so it's just informational * for keyctl to determine the key bit size. */ - return ctx->pub_key.ndigits * sizeof(u64); + return ctx->pub_key.ndigits * sizeof(u64) * BITS_PER_BYTE; } static unsigned int ecrdsa_max_size(struct crypto_sig *tfm) diff --git a/crypto/rsassa-pkcs1.c b/crypto/rsassa-pkcs1.c index d01ac75..94fa5e9 100644 --- a/crypto/rsassa-pkcs1.c +++ b/crypto/rsassa-pkcs1.c @@ -301,7 +301,7 @@ static unsigned int rsassa_pkcs1_key_size(struct crypto_sig *tfm) { struct rsassa_pkcs1_ctx *ctx = crypto_sig_ctx(tfm); - return ctx->key_size; + return ctx->key_size * BITS_PER_BYTE; } static int rsassa_pkcs1_set_pub_key(struct crypto_sig *tfm, diff --git a/crypto/sig.c b/crypto/sig.c index dfc7cae..53a3dd6 100644 --- a/crypto/sig.c +++ b/crypto/sig.c @@ -102,6 +102,11 @@ static int sig_default_set_key(struct crypto_sig *tfm, return -ENOSYS; } +static unsigned int sig_default_size(struct crypto_sig *tfm) +{ + return DIV_ROUND_UP_POW2(crypto_sig_keysize(tfm), BITS_PER_BYTE); +} + static int sig_prepare_alg(struct sig_alg *alg) { struct crypto_alg *base = &alg->base; @@ -117,9 +122,9 @@ static int sig_prepare_alg(struct sig_alg *alg) if (!alg->key_size) return -EINVAL; if (!alg->max_size) - alg->max_size = alg->key_size; + alg->max_size = sig_default_size; if (!alg->digest_size) - alg->digest_size = alg->key_size; + alg->digest_size = sig_default_size; base->cra_type = &crypto_sig_type; base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; diff --git a/include/crypto/sig.h b/include/crypto/sig.h index 1102470..fa6dafaf 100644 --- a/include/crypto/sig.h +++ b/include/crypto/sig.h @@ -128,7 +128,7 @@ static inline void crypto_free_sig(struct crypto_sig *tfm) /** * crypto_sig_keysize() - Get key size * - * Function returns the key size in bytes. + * Function returns the key size in bits. * Function assumes that the key is already set in the transformation. If this * function is called without a setkey or with a failed setkey, you may end up * in a NULL dereference. -- 2.43.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-07 19:32 ` [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key " Lukas Wunner @ 2025-04-11 20:00 ` Ignat Korchagin 0 siblings, 0 replies; 6+ messages in thread From: Ignat Korchagin @ 2025-04-11 20:00 UTC (permalink / raw) To: Lukas Wunner Cc: Herbert Xu, David S. Miller, David Howells, Stefan Berger, Vitaly Chikunov, linux-crypto, keyrings On Mon, Apr 7, 2025 at 8:43 PM Lukas Wunner <lukas@wunner.de> wrote: > > When user space issues a KEYCTL_PKEY_QUERY system call for a NIST P521 > key, the key_size is incorrectly reported as 528 bits instead of 521. > > That's because the key size obtained through crypto_sig_keysize() is in > bytes and software_key_query() multiplies by 8 to yield the size in bits. > The underlying assumption is that the key size is always a multiple of 8. > With the recent addition of NIST P521, that's no longer the case. > > Fix by returning the key_size in bits from crypto_sig_keysize() and > adjusting the calculations in software_key_query(). > > The ->key_size() callbacks of sig_alg algorithms now return the size in > bits, whereas the ->digest_size() and ->max_size() callbacks return the > size in bytes. This matches with the units in struct keyctl_pkey_query. > > Fixes: a7d45ba77d3d ("crypto: ecdsa - Register NIST P521 and extend test suite") > Signed-off-by: Lukas Wunner <lukas@wunner.de> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Ignat Korchagin <ignat@cloudflare.com> > --- > crypto/asymmetric_keys/public_key.c | 8 ++++---- > crypto/ecdsa-p1363.c | 6 ++++-- > crypto/ecdsa-x962.c | 5 +++-- > crypto/ecdsa.c | 2 +- > crypto/ecrdsa.c | 2 +- > crypto/rsassa-pkcs1.c | 2 +- > crypto/sig.c | 9 +++++++-- > include/crypto/sig.h | 2 +- > 8 files changed, 22 insertions(+), 14 deletions(-) > > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index dd44a96..89dc887 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -205,6 +205,7 @@ static int software_key_query(const struct kernel_pkey_params *params, > goto error_free_tfm; > > len = crypto_sig_keysize(sig); > + info->key_size = len; > info->max_sig_size = crypto_sig_maxsize(sig); > info->max_data_size = crypto_sig_digestsize(sig); > > @@ -213,8 +214,8 @@ static int software_key_query(const struct kernel_pkey_params *params, > info->supported_ops |= KEYCTL_SUPPORTS_SIGN; > > if (strcmp(params->encoding, "pkcs1") == 0) { > - info->max_enc_size = len; > - info->max_dec_size = len; > + info->max_enc_size = len / BITS_PER_BYTE; > + info->max_dec_size = len / BITS_PER_BYTE; > > info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT; > if (pkey->key_is_private) > @@ -235,6 +236,7 @@ static int software_key_query(const struct kernel_pkey_params *params, > goto error_free_tfm; > > len = crypto_akcipher_maxsize(tfm); > + info->key_size = len * BITS_PER_BYTE; > info->max_sig_size = len; > info->max_data_size = len; > info->max_enc_size = len; > @@ -245,8 +247,6 @@ static int software_key_query(const struct kernel_pkey_params *params, > info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; > } > > - info->key_size = len * 8; > - > ret = 0; > > error_free_tfm: > diff --git a/crypto/ecdsa-p1363.c b/crypto/ecdsa-p1363.c > index 4454f1f..e0c55c6 100644 > --- a/crypto/ecdsa-p1363.c > +++ b/crypto/ecdsa-p1363.c > @@ -21,7 +21,8 @@ static int ecdsa_p1363_verify(struct crypto_sig *tfm, > const void *digest, unsigned int dlen) > { > struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); > - unsigned int keylen = crypto_sig_keysize(ctx->child); > + unsigned int keylen = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), > + BITS_PER_BYTE); > unsigned int ndigits = DIV_ROUND_UP_POW2(keylen, sizeof(u64)); > struct ecdsa_raw_sig sig; > > @@ -45,7 +46,8 @@ static unsigned int ecdsa_p1363_max_size(struct crypto_sig *tfm) > { > struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); > > - return 2 * crypto_sig_keysize(ctx->child); > + return 2 * DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), > + BITS_PER_BYTE); > } > > static unsigned int ecdsa_p1363_digest_size(struct crypto_sig *tfm) > diff --git a/crypto/ecdsa-x962.c b/crypto/ecdsa-x962.c > index 90a04f4..ee71594 100644 > --- a/crypto/ecdsa-x962.c > +++ b/crypto/ecdsa-x962.c > @@ -82,7 +82,7 @@ static int ecdsa_x962_verify(struct crypto_sig *tfm, > int err; > > sig_ctx.ndigits = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), > - sizeof(u64)); > + sizeof(u64) * BITS_PER_BYTE); > > err = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, src, slen); > if (err < 0) > @@ -103,7 +103,8 @@ static unsigned int ecdsa_x962_max_size(struct crypto_sig *tfm) > { > struct ecdsa_x962_ctx *ctx = crypto_sig_ctx(tfm); > struct sig_alg *alg = crypto_sig_alg(ctx->child); > - int slen = crypto_sig_keysize(ctx->child); > + int slen = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), > + BITS_PER_BYTE); > > /* > * Verify takes ECDSA-Sig-Value (described in RFC 5480) as input, > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c > index 117526d..a70b60a 100644 > --- a/crypto/ecdsa.c > +++ b/crypto/ecdsa.c > @@ -167,7 +167,7 @@ static unsigned int ecdsa_key_size(struct crypto_sig *tfm) > { > struct ecc_ctx *ctx = crypto_sig_ctx(tfm); > > - return DIV_ROUND_UP(ctx->curve->nbits, 8); > + return ctx->curve->nbits; > } > > static unsigned int ecdsa_digest_size(struct crypto_sig *tfm) > diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c > index b3dd8a3..2c0602f 100644 > --- a/crypto/ecrdsa.c > +++ b/crypto/ecrdsa.c > @@ -249,7 +249,7 @@ static unsigned int ecrdsa_key_size(struct crypto_sig *tfm) > * Verify doesn't need any output, so it's just informational > * for keyctl to determine the key bit size. > */ > - return ctx->pub_key.ndigits * sizeof(u64); > + return ctx->pub_key.ndigits * sizeof(u64) * BITS_PER_BYTE; > } > > static unsigned int ecrdsa_max_size(struct crypto_sig *tfm) > diff --git a/crypto/rsassa-pkcs1.c b/crypto/rsassa-pkcs1.c > index d01ac75..94fa5e9 100644 > --- a/crypto/rsassa-pkcs1.c > +++ b/crypto/rsassa-pkcs1.c > @@ -301,7 +301,7 @@ static unsigned int rsassa_pkcs1_key_size(struct crypto_sig *tfm) > { > struct rsassa_pkcs1_ctx *ctx = crypto_sig_ctx(tfm); > > - return ctx->key_size; > + return ctx->key_size * BITS_PER_BYTE; > } > > static int rsassa_pkcs1_set_pub_key(struct crypto_sig *tfm, > diff --git a/crypto/sig.c b/crypto/sig.c > index dfc7cae..53a3dd6 100644 > --- a/crypto/sig.c > +++ b/crypto/sig.c > @@ -102,6 +102,11 @@ static int sig_default_set_key(struct crypto_sig *tfm, > return -ENOSYS; > } > > +static unsigned int sig_default_size(struct crypto_sig *tfm) > +{ > + return DIV_ROUND_UP_POW2(crypto_sig_keysize(tfm), BITS_PER_BYTE); > +} > + > static int sig_prepare_alg(struct sig_alg *alg) > { > struct crypto_alg *base = &alg->base; > @@ -117,9 +122,9 @@ static int sig_prepare_alg(struct sig_alg *alg) > if (!alg->key_size) > return -EINVAL; > if (!alg->max_size) > - alg->max_size = alg->key_size; > + alg->max_size = sig_default_size; > if (!alg->digest_size) > - alg->digest_size = alg->key_size; > + alg->digest_size = sig_default_size; > > base->cra_type = &crypto_sig_type; > base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; > diff --git a/include/crypto/sig.h b/include/crypto/sig.h > index 1102470..fa6dafaf 100644 > --- a/include/crypto/sig.h > +++ b/include/crypto/sig.h > @@ -128,7 +128,7 @@ static inline void crypto_free_sig(struct crypto_sig *tfm) > /** > * crypto_sig_keysize() - Get key size > * > - * Function returns the key size in bytes. > + * Function returns the key size in bits. > * Function assumes that the key is already set in the transformation. If this > * function is called without a setkey or with a failed setkey, you may end up > * in a NULL dereference. > -- > 2.43.0 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes 2025-04-07 19:32 [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Lukas Wunner 2025-04-07 19:32 ` [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Lukas Wunner 2025-04-07 19:32 ` [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key " Lukas Wunner @ 2025-04-16 7:56 ` Herbert Xu 2 siblings, 0 replies; 6+ messages in thread From: Herbert Xu @ 2025-04-16 7:56 UTC (permalink / raw) To: Lukas Wunner Cc: David S. Miller, David Howells, Ignat Korchagin, Stefan Berger, Vitaly Chikunov, linux-crypto, keyrings On Mon, Apr 07, 2025 at 09:32:40PM +0200, Lukas Wunner wrote: > Here are two patches for ecdsa to avoid reporting nonsensical values > for enc/dec size and -- for P521 keys -- also the key size in response > to KEYCTL_PKEY_QUERY system calls. > > Resending as requested by Herbert: > > https://lore.kernel.org/r/Z9fuCTAAOphOvEeH@gondor.apana.org.au/ > > Link to the original submission: > > https://lore.kernel.org/r/cover.1738521533.git.lukas@wunner.de/ > > Although these are technically fixes, the issues they address are > not critical, so I recommend not applying as fixes for v6.15, > but rather let the patches soak in linux-next for v6.16. > > > Lukas Wunner (2): > crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY > crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY > > crypto/asymmetric_keys/public_key.c | 13 +++++++++---- > crypto/ecdsa-p1363.c | 6 ++++-- > crypto/ecdsa-x962.c | 5 +++-- > crypto/ecdsa.c | 2 +- > crypto/ecrdsa.c | 2 +- > crypto/rsassa-pkcs1.c | 2 +- > crypto/sig.c | 9 +++++++-- > include/crypto/sig.h | 2 +- > 8 files changed, 27 insertions(+), 14 deletions(-) > > -- > 2.43.0 All applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-04-16 7:56 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-04-07 19:32 [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Lukas Wunner 2025-04-07 19:32 ` [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Lukas Wunner 2025-04-11 19:54 ` Ignat Korchagin 2025-04-07 19:32 ` [PATCH RESEND v2 2/2] crypto: ecdsa - Fix NIST P521 key " Lukas Wunner 2025-04-11 20:00 ` Ignat Korchagin 2025-04-16 7:56 ` [PATCH RESEND v2 0/2] ecdsa KEYCTL_PKEY_QUERY fixes Herbert Xu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).