[v2,0/2] Fix bugs in public_key_verify_signature()

Message ID	20220208052448.409152-1-ebiggers@kernel.org (mailing list archive)
Headers	show Return-Path: <keyrings-owner@kernel.org> From: Eric Biggers <ebiggers@kernel.org> To: keyrings@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>, David Howells <dhowells@redhat.com> Cc: linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, Stefan Berger <stefanb@linux.ibm.com>, Gilad Ben-Yossef <gilad@benyossef.com>, Tianjia Zhang <tianjia.zhang@linux.alibaba.com>, Vitaly Chikunov <vt@altlinux.org>, Mimi Zohar <zohar@linux.ibm.com> Subject: [PATCH v2 0/2] Fix bugs in public_key_verify_signature() Date: Mon, 7 Feb 2022 21:24:46 -0800 Message-Id: <20220208052448.409152-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Fix bugs in public_key_verify_signature() \| expand [v2,0/2] Fix bugs in public_key_verify_signature() [v2,1/2] KEYS: asymmetric: enforce that sig algo matches key algo [v2,2/2] KEYS: asymmetric: properly validate hash_algo and encoding

Message ID

20220208052448.409152-1-ebiggers@kernel.org (mailing list archive)

Headers

From: Eric Biggers <ebiggers@kernel.org>
To: keyrings@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>,
        David Howells <dhowells@redhat.com>
Cc: linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org,
        Stefan Berger <stefanb@linux.ibm.com>,
        Gilad Ben-Yossef <gilad@benyossef.com>,
        Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
        Vitaly Chikunov <vt@altlinux.org>,
        Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH v2 0/2] Fix bugs in public_key_verify_signature()
Date: Mon,  7 Feb 2022 21:24:46 -0800
Message-Id: <20220208052448.409152-1-ebiggers@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Fix bugs in public_key_verify_signature() | expand

Message

Eric Biggers Feb. 8, 2022, 5:24 a.m. UTC

This patchset fixes some bugs in public_key_verify_signature() where it
could be tricked into using the wrong algorithm, as was discussed at
https://lore.kernel.org/linux-integrity/20211202215507.298415-1-zohar@linux.ibm.com/T/#t

I'd appreciate it if the people who care about each of the supported
public key algorithms (RSA, ECDSA, ECRDSA, and SM2) would test this
patchset to make sure it still works for their use case(s).  I've tested
that X.509 and PKCS#7 with RSA still work.

Note, I have *not* included a fix for SM2 being implemented incorrectly.
That is another bug that I pointed out in the above thread.  I think
that bug is for the people who actually care about SM2.

This applies to v5.17-rc3.

Changed v1 => v2:
   - Changed patch 1 to continue allowing a NULL sig->pkey_algo.

Eric Biggers (2):
  KEYS: asymmetric: enforce that sig algo matches key algo
  KEYS: asymmetric: properly validate hash_algo and encoding

 crypto/asymmetric_keys/pkcs7_verify.c    |   6 --
 crypto/asymmetric_keys/public_key.c      | 126 ++++++++++++++++-------
 crypto/asymmetric_keys/x509_public_key.c |   6 --
 3 files changed, 91 insertions(+), 47 deletions(-)


base-commit: dfd42facf1e4ada021b939b4e19c935dcdd55566