Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp2887208rwb; Mon, 15 Aug 2022 13:20:09 -0700 (PDT) X-Google-Smtp-Source: AA6agR4PVhpwq6pXDFZrECi97DOGNDN9AVp21SSqDlmBZJLVrYfo1BV8a5vI/v/ix087hg8JeA9s X-Received: by 2002:a17:907:2856:b0:730:df57:1249 with SMTP id el22-20020a170907285600b00730df571249mr11448846ejc.536.1660594809273; Mon, 15 Aug 2022 13:20:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660594809; cv=none; d=google.com; s=arc-20160816; b=DdCHMKURnSGoOkOzNolsVM3w85QNrry9UT6yzQvV0fR6B2Uk1HmpNiF5CG4YRiOqyq lTnbTc8bwdHdXWWCmjVc1JKm6IPxElebKH0RE8zX2DXdzOLUJSxrrPmk/crxgClztIzk UwzrdRJ7O3XhsazFjD0SwPq2LHmwE9RutLIAkMQchXPzng9MUdLbNQRouEHHBiwHyPg1 NiYiYxHFJ/2/397XJ6EE2Nt9aFp26ao3cmAiOb2ELx47Y/fgROKGJNl7MsLc0w8nARR9 SOpgsJGC4vKpoopps0VWldqn3mbmzknc2DRiW2LgvkAaj0nYVyEvH8TR8EjOaVWV8pra 1VbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=eG0tq9aJ7MAttmERqjxGzsF7AWjEkNq96z4XuNem62g=; b=legJM1WIq7h3qL8ouiPvlQYYpjjRA1ZxvDvbsxATId39tCF70eGISNYbduX7QXWduO DL0qGucfBe9d9cjzQVY+zCmWbVc4ebPtKChrgYW24hKmsjrRxrKAHeFE8/7sAubibhvk W6FeoIDqDonByeG4tc2iXPwaFVZgs4+Man1gwKtc+7DQgMCMlaWzNl/6FiWEexHoKd2U rcYVgzqvGDU5g2IXEQlXk4nEH4O7XLKspVmUvUZSPWOvIzilAysAlSkX6n15JLPwQUzq 19/vcC9yNIgtWoaaNY4Gs12GUbnVVZyca8VApvS15qADlPuA+loh5o9/MeQ+/cUXBCoT dqVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1YpEdVdY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j9-20020a05640211c900b0043bfc5f6a21si10612213edw.260.2022.08.15.13.19.41; Mon, 15 Aug 2022 13:20:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1YpEdVdY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232005AbiHOT6s (ORCPT + 99 others); Mon, 15 Aug 2022 15:58:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345973AbiHOT4r (ORCPT ); Mon, 15 Aug 2022 15:56:47 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 715457694A; Mon, 15 Aug 2022 11:52:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A198CB810A6; Mon, 15 Aug 2022 18:52:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E4BD2C433D6; Mon, 15 Aug 2022 18:52:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660589553; bh=kxzoYOEPOH9+Y+3lO+DaaJftUEo51nXgjw+Ns0g0fJM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1YpEdVdY6rh9wDsl+Djmr7sWCsbvzWX45GNMYxJSvOnqNPn4AsVMpHY1V0/TyZOr5 yIFROq7w9ZvxyXsTTq63to8rjUu8Zx/EowE+7rll2asKLNHLv3e0AmGg2TcW04wbcV 9VTZkwN5Ln/MyuLEcGtk+Kx86kC6+IBiiEzl7qro= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Tianjia Zhang , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 5.15 754/779] KEYS: asymmetric: enforce SM2 signature use pkey algo Date: Mon, 15 Aug 2022 20:06:38 +0200 Message-Id: <20220815180409.709757173@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220815180337.130757997@linuxfoundation.org> References: <20220815180337.130757997@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tianjia Zhang [ Upstream commit 0815291a8fd66cdcf7db1445d4d99b0d16065829 ] The signature verification of SM2 needs to add the Za value and recalculate sig->digest, which requires the detection of the pkey_algo in public_key_verify_signature(). As Eric Biggers said, the pkey_algo field in sig is attacker-controlled and should be use pkey->pkey_algo instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it will also cause signature verification failure. The software_key_determine_akcipher() already forces the algorithms are matched, so the SM3 algorithm is enforced in the SM2 signature, although this has been checked, we still avoid using any algorithm information in the signature as input. Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Reported-by: Eric Biggers Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Tianjia Zhang Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- crypto/asymmetric_keys/public_key.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 7c9e6be35c30..2f8352e88860 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig, BUG_ON(!sig->data); + /* SM2 signatures always use the SM3 hash algorithm */ + if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0) + return -EINVAL; + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN, dgst); if (ret) @@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; - if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && - sig->data_size) { + if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) { ret = cert_sig_digest_update(sig, tfm); if (ret) goto error_free_key; -- 2.35.1