From patchwork Wed Feb 7 01:10:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10204389 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 186336037E for ; Wed, 7 Feb 2018 01:16:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0B1C428D8B for ; Wed, 7 Feb 2018 01:16:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0032728D98; Wed, 7 Feb 2018 01:16:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A484128D8B for ; Wed, 7 Feb 2018 01:16:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932301AbeBGBQD (ORCPT ); Tue, 6 Feb 2018 20:16:03 -0500 Received: from mail-io0-f193.google.com ([209.85.223.193]:34574 "EHLO mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932154AbeBGBQB (ORCPT ); Tue, 6 Feb 2018 20:16:01 -0500 Received: by mail-io0-f193.google.com with SMTP id c17so194286iod.1; Tue, 06 Feb 2018 17:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1Zj+8CEjalm/0xcnm7HAn+3ZilbIuxAwj56w23HX2jY=; b=It9efBMHBWNxg2WYx+e3GP8ioMuxMRnMSGtgmEDpHnAy9aiOwi9J46hNjVHM5HdhQ8 QHETufAkP/T74c35oHk6TU0HzImrHsIM3xC5VAgOUnIK3AI9zr3yWp/nOu72KJ9hDzgI xWNhaQHSzNTF/P1ETYm3UgMlBi5gwYOm2EnSmiXhylojUaDKXBVGkfOL+jKusz7eT2// KrAS0+njY2NhN3Bf4VmCJ7NxmOENVtFtPXAysKK170KAHsE3QZ/dQMTACGWDA52t5pQX 3smllW3kenBLcmzpsJ4gwp0XrV+zeiNRANbH3PRJARO6ddnx42fwZ/7a2WPjn1pZ6mFT fitw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1Zj+8CEjalm/0xcnm7HAn+3ZilbIuxAwj56w23HX2jY=; b=ehz5L56gceRT1eYZy3Px0S+8qfkPH1NnDAITadV0oXhp2wt0mW578yVzTu9VtUE2vu 7U/7dNgYy7dln6T3BfpjxU1/qupTemgCoRnZlsm+TOd+XO4miOtsUe8MHXTiJg9auQql 6k5uSJYohPnQSRg1UFUTJIETlFJlmPOvzP5vQ+NAIz0FpDUabBldm8bH62X8F+jpxk71 6hxK9mBisXTF4UN8aEI/jlODooYRhMcFhHm+Kr/2pAfOVzLrXzWrGO7DJo1JBy4Ckf52 KbBwAmKXXkN0M1iHKnOUJQXVMuQa6qHWcB4IXVXQHpGmwRE3TBME5pQslsnna810JZxe 0Kdg== X-Gm-Message-State: APf1xPCcxwsVd8TAUOuxiaUbM3hN67t+shwTOpEF/2Fk00hkF4QOHcgB hdhq13owDBkYSNtgcKRl6W0sVthl X-Google-Smtp-Source: AH8x224zCeSxSZOmNAyzMOLEReAbyqssZGS8ZxGoNWNvza+sHA7I3zdCMj18PQoR672vPziKDkvMAg== X-Received: by 10.107.180.16 with SMTP id d16mr5593140iof.244.1517966161248; Tue, 06 Feb 2018 17:16:01 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id c9sm186364iod.5.2018.02.06.17.16.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Feb 2018 17:16:00 -0800 (PST) From: Eric Biggers To: David Howells , keyrings@vger.kernel.org Cc: linux-crypto@vger.kernel.org, Michael Halcrow , Eric Biggers Subject: [PATCH 3/9] PKCS#7: fix direct verification of SignerInfo signature Date: Tue, 6 Feb 2018 17:10:06 -0800 Message-Id: <20180207011012.5928-4-ebiggers3@gmail.com> X-Mailer: git-send-email 2.16.0.rc1.238.g530d649a79-goog In-Reply-To: <20180207011012.5928-1-ebiggers3@gmail.com> References: <20180207011012.5928-1-ebiggers3@gmail.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers If none of the certificates in a SignerInfo's certificate chain match a trusted key, nor is the last certificate signed by a trusted key, then pkcs7_validate_trust_one() tries to check whether the SignerInfo's signature was made directly by a trusted key. But, it actually fails to set the 'sig' variable correctly, so it actually verifies the last signature seen. That will only be the SignerInfo's signature if the certificate chain is empty; otherwise it will actually be the last certificate's signature. This is not by itself a security problem, since verifying any of the certificates in the chain should be sufficient to verify the SignerInfo. Still, it's not working as intended so it should be fixed. Fix it by setting 'sig' correctly for the direct verification case. Fixes: 757932e6da6d ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs") Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/pkcs7_trust.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index 1f4e25f10049..598906b1e28d 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -106,6 +106,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, pr_devel("sinfo %u: Direct signer is key %x\n", sinfo->index, key_serial(key)); x509 = NULL; + sig = sinfo->sig; goto matched; } if (PTR_ERR(key) != -ENOKEY)