releases/5.10.50/crypto-sm2-fix-a-memory-leak-in-sm2.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 268a3334e47b3894e7085cd0cf0c9f95b00261dd Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Fri, 4 Jun 2021 14:30:35 +0800
 Subject: crypto: sm2 - fix a memory leak in sm2

 From: Hongbo Li <herberthbli@tencent.com>

 [ Upstream commit 5cd259ca5d466f65ffd21e2e2fa00fb648a8c555 ]

 SM2 module alloc ec->Q in sm2_set_pub_key(), when doing alg test in
 test_akcipher_one(), it will set public key for every test vector,
 and don't free ec->Q. This will cause a memory leak.

 This patch alloc ec->Q in sm2_ec_ctx_init().

 Fixes: ea7ecb66440b ("crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm")
 Signed-off-by: Hongbo Li <herberthbli@tencent.com>
 Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  crypto/sm2.c | 24 ++++++++++--------------
  1 file changed, 10 insertions(+), 14 deletions(-)

 diff --git a/crypto/sm2.c b/crypto/sm2.c
 index b21addc3ac06..db8a4a265669 100644
 --- a/crypto/sm2.c
 +++ b/crypto/sm2.c
 @@ -79,10 +79,17 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
  		goto free;

  	rc = -ENOMEM;
 +
 +	ec->Q = mpi_point_new(0);
 +	if (!ec->Q)
 +		goto free;
 +
  	/* mpi_ec_setup_elliptic_curve */
  	ec->G = mpi_point_new(0);
 -	if (!ec->G)
 +	if (!ec->G) {
 +		mpi_point_release(ec->Q);
  		goto free;
 +	}

  	mpi_set(ec->G->x, x);
  	mpi_set(ec->G->y, y);
 @@ -91,6 +98,7 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
  	rc = -EINVAL;
  	ec->n = mpi_scanval(ecp->n);
  	if (!ec->n) {
 +		mpi_point_release(ec->Q);
  		mpi_point_release(ec->G);
  		goto free;
  	}
 @@ -386,27 +394,15 @@ static int sm2_set_pub_key(struct crypto_akcipher *tfm,
  	MPI a;
  	int rc;

 -	ec->Q = mpi_point_new(0);
 -	if (!ec->Q)
 -		return -ENOMEM;
 -
  	/* include the uncompressed flag '0x04' */
 -	rc = -ENOMEM;
  	a = mpi_read_raw_data(key, keylen);
  	if (!a)
 -		goto error;
 +		return -ENOMEM;

  	mpi_normalize(a);
  	rc = sm2_ecc_os2ec(ec->Q, a);
  	mpi_free(a);
 -	if (rc)
 -		goto error;
 -
 -	return 0;

 -error:
 -	mpi_point_release(ec->Q);
 -	ec->Q = NULL;
  	return rc;
  }

 --
 2.30.2
	From 268a3334e47b3894e7085cd0cf0c9f95b00261dd Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Fri, 4 Jun 2021 14:30:35 +0800
	Subject: crypto: sm2 - fix a memory leak in sm2

	From: Hongbo Li <herberthbli@tencent.com>

	[ Upstream commit 5cd259ca5d466f65ffd21e2e2fa00fb648a8c555 ]

	SM2 module alloc ec->Q in sm2_set_pub_key(), when doing alg test in
	test_akcipher_one(), it will set public key for every test vector,
	and don't free ec->Q. This will cause a memory leak.

	This patch alloc ec->Q in sm2_ec_ctx_init().

	Fixes: ea7ecb66440b ("crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm")
	Signed-off-by: Hongbo Li <herberthbli@tencent.com>
	Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	crypto/sm2.c \| 24 ++++++++++--------------
	1 file changed, 10 insertions(+), 14 deletions(-)

	diff --git a/crypto/sm2.c b/crypto/sm2.c
	index b21addc3ac06..db8a4a265669 100644
	--- a/crypto/sm2.c
	+++ b/crypto/sm2.c
	@@ -79,10 +79,17 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
	goto free;

	rc = -ENOMEM;
	+
	+ ec->Q = mpi_point_new(0);
	+ if (!ec->Q)
	+ goto free;
	+
	/* mpi_ec_setup_elliptic_curve */
	ec->G = mpi_point_new(0);
	- if (!ec->G)
	+ if (!ec->G) {
	+ mpi_point_release(ec->Q);
	goto free;
	+ }

	mpi_set(ec->G->x, x);
	mpi_set(ec->G->y, y);
	@@ -91,6 +98,7 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
	rc = -EINVAL;
	ec->n = mpi_scanval(ecp->n);
	if (!ec->n) {
	+ mpi_point_release(ec->Q);
	mpi_point_release(ec->G);
	goto free;
	}
	@@ -386,27 +394,15 @@ static int sm2_set_pub_key(struct crypto_akcipher *tfm,
	MPI a;
	int rc;

	- ec->Q = mpi_point_new(0);
	- if (!ec->Q)
	- return -ENOMEM;
	-
	/* include the uncompressed flag '0x04' */
	- rc = -ENOMEM;
	a = mpi_read_raw_data(key, keylen);
	if (!a)
	- goto error;
	+ return -ENOMEM;

	mpi_normalize(a);
	rc = sm2_ecc_os2ec(ec->Q, a);
	mpi_free(a);
	- if (rc)
	- goto error;
	-
	- return 0;

	-error:
	- mpi_point_release(ec->Q);
	- ec->Q = NULL;
	return rc;
	}

	--
	2.30.2