Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3311027imu; Sun, 11 Nov 2018 12:07:13 -0800 (PST) X-Google-Smtp-Source: AJdET5dN0hsdIsJsKiaqiiPc2iYbtboAPZPMB4f9kmLhwlv8RTJHaA0aF46DTCF6mU5XMdUnqSx0 X-Received: by 2002:aa7:8685:: with SMTP id d5-v6mr17115470pfo.58.1541966833509; Sun, 11 Nov 2018 12:07:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541966833; cv=none; d=google.com; s=arc-20160816; b=PTEEgrq42tfM40Qh4L3aj8KzJcI0fcelPhKC1v4t/7yrrNZfvJq1+sFvPZy8EQ/eyp hs+JPxQVs8MJsGHJ4JXgY7fTlA+2ZSNA5Ub2mLeGlM5GVbgmzoJR4EeTlCDDXB34gDU6 ol/akRwXUrPVteOBeNr+wvO8U+yD29d03KvRl4tUJv4pXxhPmGWUaPkcPSUItvtGvtbA pzl11DiWL5pKJFvHX7DlKB7azMzFovJ0sKPxB6n4tKLucSBR0BCj3dpAxmII4rOhG17e aKUSbioQtYdjDA/zHCbKRcG59/GCEdLusiSexv9K62CiYauiryMGe34NR0GTTp6YTeqI U3Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=62XtlBHx8U6dnbiUeecEX5bXYaRYiUH8ZFMohBW1GXs=; b=M5vungKpva5K5eSgGD8mMfG4tKmroZDV/4XBODvv2PFJyXfz0gemhvMHfkCUFMtnrQ N9kmft6PUupugxkt8/vGc6fvN2IN3CA79yBY1g8V4EEHbAhrcyeyxKxjC0ShN3+yN/wh NwOjGx04gXokF/Peyk2loX3Y5P9XbI9l7zwxCcmqX/Rvozir/8syqYSeBDx8EfiOH9Az smULmcvQGlzgh2joP3DIsfFgv6okfJIYRJ07bTPp8YUykZbGz8x6x97Oy2S0wTbDHqLm g/jHEXdrSFCGJxno2mYtDooUAKvNGTjpMKe8mAhcj4st+uxkU7NH2WGekf3xnjEcmnET n7Iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7si14185695pgi.547.2018.11.11.12.06.58; Sun, 11 Nov 2018 12:07:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731229AbeKLF4H (ORCPT + 99 others); Mon, 12 Nov 2018 00:56:07 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:51998 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728613AbeKLF4H (ORCPT ); Mon, 12 Nov 2018 00:56:07 -0500 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gLvsx-0000lF-Mt; Sun, 11 Nov 2018 19:59:07 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gLvsU-0001dU-BW; Sun, 11 Nov 2018 19:58:38 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "James Morris" , "Maciej S. Szmigiero" Date: Sun, 11 Nov 2018 19:49:05 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 197/366] X.509: unpack RSA signatureValue field from BIT STRING In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.61-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: "Maciej S. Szmigiero" commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream. The signatureValue field of a X.509 certificate is encoded as a BIT STRING. For RSA signatures this BIT STRING is of so-called primitive subtype, which contains a u8 prefix indicating a count of unused bits in the encoding. We have to strip this prefix from signature data, just as we already do for key data in x509_extract_key_data() function. This wasn't noticed earlier because this prefix byte is zero for RSA key sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero prefixes has no bearing on its value. The signature length, however was incorrect, which is a problem for RSA implementations that need it to be exactly correct (like AMD CCP). Signed-off-by: Maciej S. Szmigiero Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates") Signed-off-by: James Morris [bwh: Backported to 3.16: - x509_certificate::sig is a structure, not a pointer - public_key_signature::pkey_algo is an enumeration type, not a string] Signed-off-by: Ben Hutchings --- crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -205,6 +205,15 @@ int x509_note_signature(void *context, s return -EINVAL; } + if (ctx->cert->sig.pkey_algo == PKEY_ALGO_RSA) { + /* Discard the BIT STRING metadata */ + if (vlen < 1 || *(const u8 *)value != 0) + return -EBADMSG; + + value++; + vlen--; + } + ctx->cert->raw_sig = value; ctx->cert->raw_sig_size = vlen; return 0;