From 444db60f8e29f045c4cdcaa5d6840075864955ba Mon Sep 17 00:00:00 2001 From: Holger Dengler Date: Fri, 25 Oct 2024 17:12:43 +0200 Subject: [PATCH] s390/pkey: Tolerate larger key blobs The pkey handlers should only check, if the length of a key blob is big enough for holding a key. Larger blobs should be tolerated. Reviewed-by: Harald Freudenberger Signed-off-by: Holger Dengler Signed-off-by: Heiko Carstens --- drivers/s390/crypto/pkey_cca.c | 4 ++-- drivers/s390/crypto/pkey_pckmo.c | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/s390/crypto/pkey_cca.c b/drivers/s390/crypto/pkey_cca.c index 8d619f9774b9..cda22db31f6c 100644 --- a/drivers/s390/crypto/pkey_cca.c +++ b/drivers/s390/crypto/pkey_cca.c @@ -224,14 +224,14 @@ static int cca_key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, if (hdr->type == TOKTYPE_CCA_INTERNAL && hdr->version == TOKVER_CCA_AES) { /* CCA AES data key */ - if (keylen != sizeof(struct secaeskeytoken)) + if (keylen < sizeof(struct secaeskeytoken)) return -EINVAL; if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0)) return -EINVAL; } else if (hdr->type == TOKTYPE_CCA_INTERNAL && hdr->version == TOKVER_CCA_VLSC) { /* CCA AES cipher key */ - if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) + if (keylen < hdr->len) return -EINVAL; if (cca_check_secaescipherkey(pkey_dbf_info, 3, key, 0, 1)) diff --git a/drivers/s390/crypto/pkey_pckmo.c b/drivers/s390/crypto/pkey_pckmo.c index b66fbf9846dc..1f7dac107d93 100644 --- a/drivers/s390/crypto/pkey_pckmo.c +++ b/drivers/s390/crypto/pkey_pckmo.c @@ -244,7 +244,7 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, case PKEY_KEYTYPE_AES_192: case PKEY_KEYTYPE_AES_256: if (t->len != keysize + AES_WK_VP_SIZE || - keylen != sizeof(struct protaeskeytoken)) + keylen < sizeof(struct protaeskeytoken)) goto out; rc = pckmo_verify_protkey(t->protkey, t->len, t->keytype); @@ -253,7 +253,7 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, break; default: if (t->len != keysize + AES_WK_VP_SIZE || - keylen != sizeof(*t) + keysize + AES_WK_VP_SIZE) + keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE) goto out; break; } @@ -266,8 +266,8 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, struct clearkeytoken *t = (struct clearkeytoken *)key; u32 keysize; - if (keylen < sizeof(struct clearkeytoken) || - keylen != sizeof(*t) + t->len) + if (keylen < sizeof(*t) || + keylen < sizeof(*t) + t->len) goto out; keysize = pkey_keytype_to_size(t->keytype); if (!keysize) { @@ -376,11 +376,11 @@ static int pckmo_verify_key(const u8 *key, u32 keylen) case PKEY_KEYTYPE_AES_128: case PKEY_KEYTYPE_AES_192: case PKEY_KEYTYPE_AES_256: - if (keylen != sizeof(struct protaeskeytoken)) + if (keylen < sizeof(struct protaeskeytoken)) goto out; break; default: - if (keylen != sizeof(*t) + keysize + AES_WK_VP_SIZE) + if (keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE) goto out; break; }