Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp3004707imm;
        Sun, 1 Jul 2018 10:07:15 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdZ5WtF2ihDJriPDCWmzJr7oZYNgw94M9WQ3mfAsqzaKEKmLXyU6+E8BmHGsYKC5Q3D+0MD
X-Received: by 2002:a62:fe19:: with SMTP id z25-v6mr21841675pfh.167.1530464835588;
        Sun, 01 Jul 2018 10:07:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1530464835; cv=none;
        d=google.com; s=arc-20160816;
        b=GilpDnTZgRT92r+OUA3MLQCEDwmQLX0fpowqRaGyHBfwWQOEpTxdzMhmb5baBow8kC
         UA9JMj/KNCc5xe7BzI7ilpUB/rDeMZktfAgdBlKEVpCPhCYS66gLnU6bpGyXzTIcOaTE
         beRIfiCe5dV065iPZWgNkVdGBTPdAirmlsl8cjZR908pXg1SksiJBjkqCBgPmUS1IZ+h
         9Q+F9tvzAeTkaSiabdAeLHZEHr21OVUht1q768VPG+vM4pTLexIZ8fMh4fBFLMrE2PFr
         pZ57OX2PX4IkQvJSVM7lLUkY2CkV0E2m9nBq//vrbm4G/iF3ZYDYvLqkCT9+TTwwlLBH
         +M+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=Vu5YHMx9pvLyujv2Drl8Lzwwn4tTELhYHHpi3fXTJ3g=;
        b=c25tm9PJi8uyM0LXqSfJk5nfThzRjnRATw0pKEe1GfuFDnEGo/b5eZSItQpzsyLE5K
         Uq0/zX1pu7gJsqYQk37B3WkX94+mo/gssZyGxMgNRu5D8Ne/nHlQdsjrqCJtuuhXHq4b
         VAE9EkxI7gPBVgS1GrFSZAC2NRuk/WzCBD5zbTeADCtY4nsPS0Bhzp4tU7Tk18qqr+nW
         sjbqn3flB7zhgVYXj2yX3DtDQavfjqiBN/muntIiOC29upHzBS2DsC1pOfv4gY0LLCwe
         07uZQ72S6fTko7VwnyEG1NJrGv7reDyAZiBpBDGQy0+42j6biEuDtaS4wj6+Kb+G8uH+
         BJ2A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a5-v6si3447738pll.412.2018.07.01.10.07.01;
        Sun, 01 Jul 2018 10:07:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753681AbeGARGU (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Sun, 1 Jul 2018 13:06:20 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:37616 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1032159AbeGAQmV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 1 Jul 2018 12:42:21 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 394B2A73;
        Sun,  1 Jul 2018 16:42:20 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>,
        James Morris <james.morris@microsoft.com>
Subject: [PATCH 4.17 127/220] X.509: unpack RSA signatureValue field from BIT STRING
Date:   Sun,  1 Jul 2018 18:22:31 +0200
Message-Id: <20180701160913.643888802@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180701160908.272447118@linuxfoundation.org>
References: <20180701160908.272447118@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.17-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>

commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.

The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
For RSA signatures this BIT STRING is of so-called primitive subtype, which
contains a u8 prefix indicating a count of unused bits in the encoding.

We have to strip this prefix from signature data, just as we already do for
key data in x509_extract_key_data() function.

This wasn't noticed earlier because this prefix byte is zero for RSA key
sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
prefixes has no bearing on its value.

The signature length, however was incorrect, which is a problem for RSA
implementations that need it to be exactly correct (like AMD CCP).

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/asymmetric_keys/x509_cert_parser.c |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, s
 		return -EINVAL;
 	}
 
+	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+		/* Discard the BIT STRING metadata */
+		if (vlen < 1 || *(const u8 *)value != 0)
+			return -EBADMSG;
+
+		value++;
+		vlen--;
+	}
+
 	ctx->cert->raw_sig = value;
 	ctx->cert->raw_sig_size = vlen;
 	return 0;