[PATCH 6.15 006/780] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY

17 Jun 2025

6.15-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Lukas Wunner lukas@wunner.de
[ Upstream commit 3828485e1c7b111290122ab6e083c2a37132b5c2 ]
KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as
max_enc_size and max_dec_size, even though such keys cannot be used for
encryption/decryption.  They're exclusively for signature generation or
verification.
Only rsa keys with pkcs1 encoding can also be used for encryption or
decryption.
Return 0 instead for ecdsa keys (as well as ecrdsa keys).
Signed-off-by: Lukas Wunner lukas@wunner.de
Reviewed-by: Stefan Berger stefanb@linux.ibm.com
Reviewed-by: Ignat Korchagin ignat@cloudflare.com
Signed-off-by: Herbert Xu herbert@gondor.apana.org.au
Stable-dep-of: 6b7f9397c98c ("crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY")
Signed-off-by: Sasha Levin sashal@kernel.org
---
 crypto/asymmetric_keys/public_key.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index bf165d321440d..dd44a966947fb 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
    ptr = pkey_pack_u32(ptr, pkey->paramlen);
    memcpy(ptr, pkey->params, pkey->paramlen);
+	memset(info, 0, sizeof(*info));
+
    if (issig) {
    	sig = crypto_alloc_sig(alg_name, 0, 0);
    	if (IS_ERR(sig)) {
@@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params,
    		info->supported_ops |= KEYCTL_SUPPORTS_SIGN;
if (strcmp(params->encoding, "pkcs1") == 0) {
+			info->max_enc_size = len;
+			info->max_dec_size = len;
+
    		info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT;
    		if (pkey->key_is_private)
    			info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT;
@@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
    	len = crypto_akcipher_maxsize(tfm);
    	info->max_sig_size = len;
    	info->max_data_size = len;
+		info->max_enc_size = len;
+		info->max_dec_size = len;
info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;
    	if (pkey->key_is_private)
@@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params,
    }
info->key_size = len * 8;
-	info->max_enc_size = len;
-	info->max_dec_size = len;
ret = 0;
-- 
2.39.5





    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.15 006/780] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY