Commit 444db60f authored by Holger Dengler's avatar Holger Dengler Committed by Heiko Carstens
Browse files

s390/pkey: Tolerate larger key blobs 



The pkey handlers should only check, if the length of a key blob is big
enough for holding a key. Larger blobs should be tolerated.

Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Signed-off-by: default avatarHolger Dengler <dengler@linux.ibm.com>
Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
parent a0bd7dac

drivers/s390/crypto/pkey_cca.c

+2 −2
Original line number Diff line number Diff line
@@ -224,14 +224,14 @@ static int cca_key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 
	if (hdr->type == TOKTYPE_CCA_INTERNAL &&

	    hdr->version == TOKVER_CCA_AES) {

		/* CCA AES data key */

		if (keylen != sizeof(struct secaeskeytoken))

		if (keylen < sizeof(struct secaeskeytoken))

			return -EINVAL;

		if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0))

			return -EINVAL;

	} else if (hdr->type == TOKTYPE_CCA_INTERNAL &&

		   hdr->version == TOKVER_CCA_VLSC) {

		/* CCA AES cipher key */

		if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)

		if (keylen < hdr->len)

			return -EINVAL;

		if (cca_check_secaescipherkey(pkey_dbf_info,

					      3, key, 0, 1))

drivers/s390/crypto/pkey_pckmo.c

+6 −6
Original line number Diff line number Diff line
@@ -244,7 +244,7 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, 
		case PKEY_KEYTYPE_AES_192:

		case PKEY_KEYTYPE_AES_256:

			if (t->len != keysize + AES_WK_VP_SIZE ||

			    keylen != sizeof(struct protaeskeytoken))

			    keylen < sizeof(struct protaeskeytoken))

				goto out;

			rc = pckmo_verify_protkey(t->protkey, t->len,

						  t->keytype);
@@ -253,7 +253,7 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, 
			break;

		default:

			if (t->len != keysize + AES_WK_VP_SIZE ||

			    keylen != sizeof(*t) + keysize + AES_WK_VP_SIZE)

			    keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE)

				goto out;

			break;

		}
@@ -266,8 +266,8 @@ static int pckmo_key2protkey(const u8 *key, u32 keylen, 
		struct clearkeytoken *t = (struct clearkeytoken *)key;

		u32 keysize;



		if (keylen < sizeof(struct clearkeytoken) ||

		    keylen != sizeof(*t) + t->len)

		if (keylen < sizeof(*t) ||

		    keylen < sizeof(*t) + t->len)

			goto out;

		keysize = pkey_keytype_to_size(t->keytype);

		if (!keysize) {
@@ -376,11 +376,11 @@ static int pckmo_verify_key(const u8 *key, u32 keylen) 
		case PKEY_KEYTYPE_AES_128:

		case PKEY_KEYTYPE_AES_192:

		case PKEY_KEYTYPE_AES_256:

			if (keylen != sizeof(struct protaeskeytoken))

			if (keylen < sizeof(struct protaeskeytoken))

				goto out;

			break;

		default:

			if (keylen != sizeof(*t) + keysize + AES_WK_VP_SIZE)

			if (keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE)

				goto out;

			break;

		}