Commit 3828485e authored by Lukas Wunner's avatar Lukas Wunner Committed by Herbert Xu
Browse files

crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY 



KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as
max_enc_size and max_dec_size, even though such keys cannot be used for
encryption/decryption.  They're exclusively for signature generation or
verification.

Only rsa keys with pkcs1 encoding can also be used for encryption or
decryption.

Return 0 instead for ecdsa keys (as well as ecrdsa keys).

Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
Reviewed-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Reviewed-by: default avatarIgnat Korchagin <ignat@cloudflare.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 61bb8db6

crypto/asymmetric_keys/public_key.c

+7 −2
Original line number Diff line number Diff line
@@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params, 
	ptr = pkey_pack_u32(ptr, pkey->paramlen);

	memcpy(ptr, pkey->params, pkey->paramlen);



	memset(info, 0, sizeof(*info));



	if (issig) {

		sig = crypto_alloc_sig(alg_name, 0, 0);

		if (IS_ERR(sig)) {
@@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params, 
			info->supported_ops |= KEYCTL_SUPPORTS_SIGN;



		if (strcmp(params->encoding, "pkcs1") == 0) {

			info->max_enc_size = len;

			info->max_dec_size = len;



			info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT;

			if (pkey->key_is_private)

				info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT;
@@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params, 
		len = crypto_akcipher_maxsize(tfm);

		info->max_sig_size = len;

		info->max_data_size = len;

		info->max_enc_size = len;

		info->max_dec_size = len;



		info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;

		if (pkey->key_is_private)
@@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params, 
	}



	info->key_size = len * 8;

	info->max_enc_size = len;

	info->max_dec_size = len;



	ret = 0;