1 files changed, 107 insertions, 65 deletions
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index d226f48d0907..4df6451e7543 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -22,20 +22,29 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
              const void *value, size_t vlen)
 {
        struct rsa_key *key = context;
+        const u8 *ptr = value;
+        size_t n_sz = vlen;
-        key->n = mpi_read_raw_data(value, vlen);
+        /* invalid key provided */
+        if (!value || !vlen)
-        if (!key->n)
-                return -ENOMEM;
-        /* In FIPS mode only allow key size 2K & 3K */
-        if (fips_enabled && (mpi_get_size(key->n) != 256 &&
-                             mpi_get_size(key->n) != 384)) {
-                pr_err("RSA: key size not allowed in FIPS mode\n");
-                mpi_free(key->n);
-                key->n = NULL;
                return -EINVAL;
+        if (fips_enabled) {
+                while (!*ptr && n_sz) {
+                        ptr++;
+                        n_sz--;
+                }
+                /* In FIPS mode only allow key size 2K & 3K */
+                if (n_sz != 256 && n_sz != 384) {
+                        pr_err("RSA: key size not allowed in FIPS mode\n");
+                        return -EINVAL;
+                }
        }
+        key->n = value;
+        key->n_sz = vlen;
        return 0;
 }
@@ -44,10 +53,12 @@ int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
 {
        struct rsa_key *key = context;
-        key->e = mpi_read_raw_data(value, vlen);
+        /* invalid key provided */
+        if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
+                return -EINVAL;
-        if (!key->e)
+        key->e = value;
-                return -ENOMEM;
+        key->e_sz = vlen;
        return 0;
 }
@@ -57,46 +68,95 @@ int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
 {
        struct rsa_key *key = context;
-        key->d = mpi_read_raw_data(value, vlen);
+        /* invalid key provided */
+        if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
+                return -EINVAL;
-        if (!key->d)
+        key->d = value;
-                return -ENOMEM;
+        key->d_sz = vlen;
-        /* In FIPS mode only allow key size 2K & 3K */
+        return 0;
-        if (fips_enabled && (mpi_get_size(key->d) != 256 &&
+}
-                             mpi_get_size(key->d) != 384)) {
-                pr_err("RSA: key size not allowed in FIPS mode\n");
+int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
-                mpi_free(key->d);
+              const void *value, size_t vlen)
-                key->d = NULL;
+{
+        struct rsa_key *key = context;
+        /* invalid key provided */
+        if (!value || !vlen || vlen > key->n_sz)
                return -EINVAL;
-        }
+        key->p = value;
+        key->p_sz = vlen;
        return 0;
 }
-static void free_mpis(struct rsa_key *key)
+int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
+              const void *value, size_t vlen)
 {
-        mpi_free(key->n);
+        struct rsa_key *key = context;
-        mpi_free(key->e);
-        mpi_free(key->d);
+        /* invalid key provided */
-        key->n = NULL;
+        if (!value || !vlen || vlen > key->n_sz)
-        key->e = NULL;
+                return -EINVAL;
-        key->d = NULL;
+        key->q = value;
+        key->q_sz = vlen;
+        return 0;
 }
-/**
+int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
- * rsa_free_key() - frees rsa key allocated by rsa_parse_key()
+               const void *value, size_t vlen)
- *
+{
- * @rsa_key:    struct rsa_key key representation
+        struct rsa_key *key = context;
- */
-void rsa_free_key(struct rsa_key *key)
+        /* invalid key provided */
+        if (!value || !vlen || vlen > key->n_sz)
+                return -EINVAL;
+        key->dp = value;
+        key->dp_sz = vlen;
+        return 0;
+}
+int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
+               const void *value, size_t vlen)
 {
-        free_mpis(key);
+        struct rsa_key *key = context;
+        /* invalid key provided */
+        if (!value || !vlen || vlen > key->n_sz)
+                return -EINVAL;
+        key->dq = value;
+        key->dq_sz = vlen;
+        return 0;
+}
+int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
+                 const void *value, size_t vlen)
+{
+        struct rsa_key *key = context;
+        /* invalid key provided */
+        if (!value || !vlen || vlen > key->n_sz)
+                return -EINVAL;
+        key->qinv = value;
+        key->qinv_sz = vlen;
+        return 0;
 }
-EXPORT_SYMBOL_GPL(rsa_free_key);
 /**
- * rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer
+ * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
- *                       and stores it in the provided struct rsa_key
+ *                       provided struct rsa_key, pointers to the raw key as is,
+ *                       so that the caller can copy it or MPI parse it, etc.
 *
 * @rsa_key:    struct rsa_key key representation
 * @key:        key in BER format
@@ -107,23 +167,15 @@ EXPORT_SYMBOL_GPL(rsa_free_key);
 int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
                      unsigned int key_len)
 {
-        int ret;
+        return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
-        free_mpis(rsa_key);
-        ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
-        if (ret < 0)
-                goto error;
-        return 0;
-error:
-        free_mpis(rsa_key);
-        return ret;
 }
 EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
 /**
- * rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer
+ * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
- *                       and stores it in the provided struct rsa_key
+ *                        provided struct rsa_key, pointers to the raw key
+ *                        as is, so that the caller can copy it or MPI parse it,
+ *                        etc.
 *
 * @rsa_key:    struct rsa_key key representation
 * @key:        key in BER format
@@ -134,16 +186,6 @@ EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
 int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
                       unsigned int key_len)
 {
-        int ret;
+        return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
-        free_mpis(rsa_key);
-        ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
-        if (ret < 0)
-                goto error;
-        return 0;
-error:
-        free_mpis(rsa_key);
-        return ret;
 }
 EXPORT_SYMBOL_GPL(rsa_parse_priv_key);

diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c index d226f48d0907..4df6451e7543 100644 --- a/crypto/rsa_helper.c +++ b/crypto/rsa_helper.c
@@ -22,20 +22,29 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
22	const void *value, size_t vlen)	22	const void *value, size_t vlen)
23	{	23	{
24	struct rsa_key *key = context;	24	struct rsa_key *key = context;
		25	const u8 *ptr = value;
		26	size_t n_sz = vlen;
25		27
26	key->n = mpi_read_raw_data(value, vlen);	28	/* invalid key provided */
27		29	if (!value \|\| !vlen)
28	if (!key->n)
29	return -ENOMEM;
30
31	/* In FIPS mode only allow key size 2K & 3K */
32	if (fips_enabled && (mpi_get_size(key->n) != 256 &&
33	mpi_get_size(key->n) != 384)) {
34	pr_err("RSA: key size not allowed in FIPS mode\n");
35	mpi_free(key->n);
36	key->n = NULL;
37	return -EINVAL;	30	return -EINVAL;
		31
		32	if (fips_enabled) {
		33	while (!*ptr && n_sz) {
		34	ptr++;
		35	n_sz--;
		36	}
		37
		38	/* In FIPS mode only allow key size 2K & 3K */
		39	if (n_sz != 256 && n_sz != 384) {
		40	pr_err("RSA: key size not allowed in FIPS mode\n");
		41	return -EINVAL;
		42	}
38	}	43	}
		44
		45	key->n = value;
		46	key->n_sz = vlen;
		47
39	return 0;	48	return 0;
40	}	49	}
41		50
@@ -44,10 +53,12 @@ int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
44	{	53	{
45	struct rsa_key *key = context;	54	struct rsa_key *key = context;
46		55
47	key->e = mpi_read_raw_data(value, vlen);	56	/* invalid key provided */
		57	if (!value \|\| !key->n_sz \|\| !vlen \|\| vlen > key->n_sz)
		58	return -EINVAL;
48		59
49	if (!key->e)	60	key->e = value;
50	return -ENOMEM;	61	key->e_sz = vlen;
51		62
52	return 0;	63	return 0;
53	}	64	}
@@ -57,46 +68,95 @@ int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
57	{	68	{
58	struct rsa_key *key = context;	69	struct rsa_key *key = context;
59		70
60	key->d = mpi_read_raw_data(value, vlen);	71	/* invalid key provided */
		72	if (!value \|\| !key->n_sz \|\| !vlen \|\| vlen > key->n_sz)
		73	return -EINVAL;
61		74
62	if (!key->d)	75	key->d = value;
63	return -ENOMEM;	76	key->d_sz = vlen;
64		77
65	/* In FIPS mode only allow key size 2K & 3K */	78	return 0;
66	if (fips_enabled && (mpi_get_size(key->d) != 256 &&	79	}
67	mpi_get_size(key->d) != 384)) {	80
68	pr_err("RSA: key size not allowed in FIPS mode\n");	81	int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
69	mpi_free(key->d);	82	const void *value, size_t vlen)
70	key->d = NULL;	83	{
		84	struct rsa_key *key = context;
		85
		86	/* invalid key provided */
		87	if (!value \|\| !vlen \|\| vlen > key->n_sz)
71	return -EINVAL;	88	return -EINVAL;
72	}	89
		90	key->p = value;
		91	key->p_sz = vlen;
		92
73	return 0;	93	return 0;
74	}	94	}
75		95
76	static void free_mpis(struct rsa_key *key)	96	int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
		97	const void *value, size_t vlen)
77	{	98	{
78	mpi_free(key->n);	99	struct rsa_key *key = context;
79	mpi_free(key->e);	100
80	mpi_free(key->d);	101	/* invalid key provided */
81	key->n = NULL;	102	if (!value \|\| !vlen \|\| vlen > key->n_sz)
82	key->e = NULL;	103	return -EINVAL;
83	key->d = NULL;	104
		105	key->q = value;
		106	key->q_sz = vlen;
		107
		108	return 0;
84	}	109	}
85		110
86	/**	111	int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
87	* rsa_free_key() - frees rsa key allocated by rsa_parse_key()	112	const void *value, size_t vlen)
88	*	113	{
89	* @rsa_key: struct rsa_key key representation	114	struct rsa_key *key = context;
90	*/	115
91	void rsa_free_key(struct rsa_key *key)	116	/* invalid key provided */
		117	if (!value \|\| !vlen \|\| vlen > key->n_sz)
		118	return -EINVAL;
		119
		120	key->dp = value;
		121	key->dp_sz = vlen;
		122
		123	return 0;
		124	}
		125
		126	int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
		127	const void *value, size_t vlen)
92	{	128	{
93	free_mpis(key);	129	struct rsa_key *key = context;
		130
		131	/* invalid key provided */
		132	if (!value \|\| !vlen \|\| vlen > key->n_sz)
		133	return -EINVAL;
		134
		135	key->dq = value;
		136	key->dq_sz = vlen;
		137
		138	return 0;
		139	}
		140
		141	int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
		142	const void *value, size_t vlen)
		143	{
		144	struct rsa_key *key = context;
		145
		146	/* invalid key provided */
		147	if (!value \|\| !vlen \|\| vlen > key->n_sz)
		148	return -EINVAL;
		149
		150	key->qinv = value;
		151	key->qinv_sz = vlen;
		152
		153	return 0;
94	}	154	}
95	EXPORT_SYMBOL_GPL(rsa_free_key);
96		155
97	/**	156	/**
98	* rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer	157	* rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
99	* and stores it in the provided struct rsa_key	158	* provided struct rsa_key, pointers to the raw key as is,
		159	* so that the caller can copy it or MPI parse it, etc.
100	*	160	*
101	* @rsa_key: struct rsa_key key representation	161	* @rsa_key: struct rsa_key key representation
102	* @key: key in BER format	162	* @key: key in BER format
@@ -107,23 +167,15 @@ EXPORT_SYMBOL_GPL(rsa_free_key);
107	int rsa_parse_pub_key(struct rsa_key rsa_key, const void key,	167	int rsa_parse_pub_key(struct rsa_key rsa_key, const void key,
108	unsigned int key_len)	168	unsigned int key_len)
109	{	169	{
110	int ret;	170	return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
111
112	free_mpis(rsa_key);
113	ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
114	if (ret < 0)
115	goto error;
116
117	return 0;
118	error:
119	free_mpis(rsa_key);
120	return ret;
121	}	171	}
122	EXPORT_SYMBOL_GPL(rsa_parse_pub_key);	172	EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
123		173
124	/**	174	/**
125	* rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer	175	* rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
126	* and stores it in the provided struct rsa_key	176	* provided struct rsa_key, pointers to the raw key
		177	* as is, so that the caller can copy it or MPI parse it,
		178	* etc.
127	*	179	*
128	* @rsa_key: struct rsa_key key representation	180	* @rsa_key: struct rsa_key key representation
129	* @key: key in BER format	181	* @key: key in BER format
@@ -134,16 +186,6 @@ EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
134	int rsa_parse_priv_key(struct rsa_key rsa_key, const void key,	186	int rsa_parse_priv_key(struct rsa_key rsa_key, const void key,
135	unsigned int key_len)	187	unsigned int key_len)
136	{	188	{
137	int ret;	189	return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
138
139	free_mpis(rsa_key);
140	ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
141	if (ret < 0)
142	goto error;
143
144	return 0;
145	error:
146	free_mpis(rsa_key);
147	return ret;
148	}	190	}
149	EXPORT_SYMBOL_GPL(rsa_parse_priv_key);	191	EXPORT_SYMBOL_GPL(rsa_parse_priv_key);