1
linux/crypto/asymmetric_keys
Tianjia Zhang 0815291a8f KEYS: asymmetric: enforce SM2 signature use pkey algo
The signature verification of SM2 needs to add the Za value and
recalculate sig->digest, which requires the detection of the pkey_algo
in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
field in sig is attacker-controlled and should be use pkey->pkey_algo
instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
will also cause signature verification failure.

The software_key_determine_akcipher() already forces the algorithms
are matched, so the SM3 algorithm is enforced in the SM2 signature,
although this has been checked, we still avoid using any algorithm
information in the signature as input.

Fixes: 2155256396 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-08-03 23:56:20 +03:00
..
asymmetric_keys.h
asymmetric_type.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
Kconfig certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
Makefile certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
mscode_parser.c
mscode.asn1
pkcs7_key_type.c
pkcs7_parser.c pkcs7: support EC-RDSA/streebog in SignerInfo 2022-08-03 23:56:20 +03:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c KEYS: asymmetric: enforce that sig algo matches key algo 2022-03-10 01:46:59 +02:00
pkcs7.asn1
pkcs8_parser.c
pkcs8.asn1
public_key.c KEYS: asymmetric: enforce SM2 signature use pkey algo 2022-08-03 23:56:20 +03:00
restrict.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
selftest.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
signature.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
verify_pefile.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
verify_pefile.h
x509_akid.asn1
x509_cert_parser.c X.509: Support parsing certificate using SM2 algorithm 2022-08-03 23:56:20 +03:00
x509_loader.c certs: Move load_certificate_list() to be with the asymmetric keys code 2022-06-21 16:05:06 +01:00
x509_parser.h certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509_public_key.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509.asn1 KEYS: x509: clearly distinguish between key and signature algorithms 2022-03-08 10:33:18 +02:00