Re: [PATCH 1/3] KEYS: asym_tpm: fix buffer overreads in extract_key_parameters()

[Jarkko Sakkinen <jarkko@kernel.org>]

On Fri, Jan 28, 2022 at 11:00:12AM -0800, Eric Biggers wrote:
> On Wed, Jan 26, 2022 at 04:22:53PM +0200, Jarkko Sakkinen wrote:
> > On Wed, Jan 26, 2022 at 04:21:53PM +0200, Jarkko Sakkinen wrote:
> > > On Tue, Jan 18, 2022 at 04:59:47PM -0800, Eric Biggers wrote:
> > > > On Sat, Jan 15, 2022 at 11:40:48PM +0200, Jarkko Sakkinen wrote:
> > > > > > 
> > > > > > - Avoid integer overflows when validating size fields; 'sz + 12' and
> > > > > >   '4 + sz' overflowed if 'sz' is near U32_MAX.
> > > > > 
> > > > > So we have a struct tpm_header in include/linux/tpm.h. It would be way
> > > > > more informative to use sizeof(struct tpm_header) than number 12, even
> > > > > if the patch does not otherwise use the struct. It tells what it is, 12
> > > > > does not.
> > > > 
> > > > I don't think that would be an improvement, given that the code is using
> > > > hard-coded offsets.  If it's reading 4 bytes from cur + 8, it's much easier to
> > > > understand that it needs 12 bytes than 'sizeof(struct tpm_header)' bytes.
> > > > 
> > > > I'd certainly encourage whoever is maintaining this code to change it to use
> > > > structs instead, but that's not what this patch is meant to do.
> > > 
> > > I would consider dropping asym_tpm as it has no practical use cases
> > > existing.
> > 
> > At least I have zero motivation to maintain it as it does not meet
> > any quality standards and is based on insecure crypto algorithms.
> > I neither have participated to its review process.
> 
> Fair enough, I'll send a patch to remove it then.

It is IMHO. I mean having this advertising insecure ways to to do crypto.

Thank you.

PS. My latency is because I've been moving to a new job. It is temporary.

/Jarkko