archive mirror
 help / color / mirror / Atom feed
From: Hongbo Li <>
Subject: [PATCH v2 2/7] lib/mpi: use kcalloc in mpi_resize
Date: Thu, 27 May 2021 21:53:30 +0800	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

From: Hongbo Li <>

We should set the additional space to 0 in mpi_resize().
So use kcalloc() instead of kmalloc_array().

In lib/mpi/ec.c:
 * Resize the array of A to NLIMBS. the additional space is cleared
 * (set to 0) [done by m_realloc()]
int mpi_resize(MPI a, unsigned nlimbs)

Like the comment of kernel's mpi_resize(), the additional space
need to set to 0, but when a->d is not NULL, it does not set.

The kernel's mpi lib is from libgcrypt, the mpi resize in libgcrypt
is _gcry_mpi_resize() which set the additional space to 0.

This bug may cause mpi api which use mpi_resize() get wrong result
under the condition of using the additional space without initiation.
If this condition is not met, the bug would not be triggered.
Currently in kernel, rsa, sm2 and dh use mpi lib, and they works well,
so the bug is not triggered in these cases. 

add_points_edwards() use the additional space directly, so it will
get a wrong result, and lead to a failed eddsa verification.

Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
Signed-off-by: Hongbo Li <>
 lib/mpi/mpiutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c
index 3c63710c20c6..e6c4b3180ab1 100644
--- a/lib/mpi/mpiutil.c
+++ b/lib/mpi/mpiutil.c
@@ -148,7 +148,7 @@ int mpi_resize(MPI a, unsigned nlimbs)
 		return 0;	/* no need to do it */
 	if (a->d) {
-		p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
+		p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
 		if (!p)
 			return -ENOMEM;
 		memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t));

  parent reply	other threads:[~2021-05-27 13:54 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-27 13:53 [PATCH v2 0/7] crypto: add eddsa support for x509 Hongbo Li
2021-05-27 13:53 ` [PATCH v2 1/7] crypto: fix a memory leak in sm2 Hongbo Li
2021-05-28  6:27   ` Tianjia Zhang
2021-05-31 12:43     ` hongbo li
2021-05-27 13:53 ` Hongbo Li [this message]
2021-05-27 13:53 ` [PATCH v2 3/7] lib/mpi: export some common function Hongbo Li
2021-05-27 13:53 ` [PATCH v2 4/7] x509: add support for eddsa Hongbo Li
2021-05-27 13:53 ` [PATCH v2 5/7] crypto: move common code in sm2 to ec_mpi.c and ec_mpi.h Hongbo Li
2021-05-27 13:53 ` [PATCH v2 6/7] crypto: ed25519 cert verification Hongbo Li
2021-05-27 13:53 ` [PATCH v2 7/7] crypto: add eddsa test vector Hongbo Li

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).