From: Greg Kroah-Hartman Date: Wed, 15 Jul 2026 10:25:54 +0000 (+0200) Subject: 6.6-stable patches X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f8c0a18697adac650db9976b8a5d56f5e20234eb;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: crypto-qat-validate-rsa-crt-component-lengths.patch --- diff --git a/queue-6.6/crypto-qat-validate-rsa-crt-component-lengths.patch b/queue-6.6/crypto-qat-validate-rsa-crt-component-lengths.patch new file mode 100644 index 0000000000..178b22e173 --- /dev/null +++ b/queue-6.6/crypto-qat-validate-rsa-crt-component-lengths.patch @@ -0,0 +1,83 @@ +From b3ac78756588059729b9195fcc9f4b37d54057a5 Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Thu, 28 May 2026 16:57:44 +0100 +Subject: crypto: qat - validate RSA CRT component lengths + +From: Giovanni Cabiddu + +commit b3ac78756588059729b9195fcc9f4b37d54057a5 upstream. + +The generic RSA key parser (rsa_helper.c) bounds each CRT component (p, +q, dp, dq, qinv) by the modulus size n_sz, but qat_rsa_setkey_crt() +allocates half-size DMA buffers (key_sz / 2) and right-aligns each +component with: + + memcpy(dst + half_key_sz - len, src, len) + +When a CRT component is larger than half_key_sz the subtraction +underflows and memcpy writes past the DMA buffer, causing memory +corruption. + +Add a len > half_key_sz check next to the existing !len check for each +of the five CRT components so the driver falls back to the non-CRT path +instead of writing out of bounds. + +Fixes: 879f77e9071f ("crypto: qat - Add RSA CRT mode") +Cc: stable@vger.kernel.org +Signed-off-by: Giovanni Cabiddu +Reviewed-by: Ahsan Atta +Reviewed-by: Laurent M Coquerel +Tested-by: Laurent M Coquerel +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/intel/qat/qat_common/qat_asym_algs.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/crypto/intel/qat/qat_common/qat_asym_algs.c ++++ b/drivers/crypto/intel/qat/qat_common/qat_asym_algs.c +@@ -1032,7 +1032,7 @@ static void qat_rsa_setkey_crt(struct qa + ptr = rsa_key->p; + len = rsa_key->p_sz; + qat_rsa_drop_leading_zeros(&ptr, &len); +- if (!len) ++ if (!len || len > half_key_sz) + goto err; + ctx->p = dma_alloc_coherent(dev, half_key_sz, &ctx->dma_p, GFP_KERNEL); + if (!ctx->p) +@@ -1043,7 +1043,7 @@ static void qat_rsa_setkey_crt(struct qa + ptr = rsa_key->q; + len = rsa_key->q_sz; + qat_rsa_drop_leading_zeros(&ptr, &len); +- if (!len) ++ if (!len || len > half_key_sz) + goto free_p; + ctx->q = dma_alloc_coherent(dev, half_key_sz, &ctx->dma_q, GFP_KERNEL); + if (!ctx->q) +@@ -1054,7 +1054,7 @@ static void qat_rsa_setkey_crt(struct qa + ptr = rsa_key->dp; + len = rsa_key->dp_sz; + qat_rsa_drop_leading_zeros(&ptr, &len); +- if (!len) ++ if (!len || len > half_key_sz) + goto free_q; + ctx->dp = dma_alloc_coherent(dev, half_key_sz, &ctx->dma_dp, + GFP_KERNEL); +@@ -1066,7 +1066,7 @@ static void qat_rsa_setkey_crt(struct qa + ptr = rsa_key->dq; + len = rsa_key->dq_sz; + qat_rsa_drop_leading_zeros(&ptr, &len); +- if (!len) ++ if (!len || len > half_key_sz) + goto free_dp; + ctx->dq = dma_alloc_coherent(dev, half_key_sz, &ctx->dma_dq, + GFP_KERNEL); +@@ -1078,7 +1078,7 @@ static void qat_rsa_setkey_crt(struct qa + ptr = rsa_key->qinv; + len = rsa_key->qinv_sz; + qat_rsa_drop_leading_zeros(&ptr, &len); +- if (!len) ++ if (!len || len > half_key_sz) + goto free_dq; + ctx->qinv = dma_alloc_coherent(dev, half_key_sz, &ctx->dma_qinv, + GFP_KERNEL); diff --git a/queue-6.6/series b/queue-6.6/series index c893b2bb62..dffe52a6b5 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -276,3 +276,4 @@ crypto-pcrypt-restore-callback-for-non-parallel-fallback.patch crypto-drbg-fix-returning-success-on-failure-in-ctr_drbg.patch crypto-drbg-fix-drbg_max_addtl-on-64-bit-kernels.patch crypto-drbg-fix-the-fips_enabled-priority-boost.patch +crypto-qat-validate-rsa-crt-component-lengths.patch