On 6/3/2023 6:02 PM, Eric Biggers wrote:
On Sat, Jun 03, 2023 at 12:41:00PM +0200, Roberto Sassu wrote:
On 6/3/2023 2:02 AM, Linus Torvalds wrote:
On Fri, Jun 2, 2023 at 1:38 PM Linus Torvalds torvalds@linux-foundation.org wrote:
The patch re-uses the allocation it already does for the key data, and it seems sane.
Ugh. I had to check that it was ok to re-use the key buffer, but it does seem to be the case that you can just re-use the buffer after you've done that crypto_akcipher_set_priv/pub_key() call, and the crypto layer has to copy it into its own data structures.
Yes, we could not do it if the set_pub_key/set_priv_key methods use internally the passed pointer. I guess it depends on the methods, for RSA and ECDSA it seems fine (they copy to a different location).
The doubt comes because the buffer is freed after crypto_wait_req() and not after crypto_akcipher_set_*_key(), suggesting that it could be actually used during the crypto operation.
Rechecked the thread, and the suggestion to reuse the buffer and not append the signature and digest at the end was by Eric Biggers.
Eric, in light of this finding, should we still reuse the buffer?
I don't think there was any "finding" here. The setkey methods in the crypto API aren't allowed to reuse the buffer they are passed, so the patch is fine.
That was the information I was missing.
Thanks!
Roberto