Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3113694rwb; Mon, 15 Aug 2022 18:26:25 -0700 (PDT) X-Google-Smtp-Source: AA6agR5+1Hwh2yQfBDmDpx/bYE8DZwrv30IBq44NNA6mldjNJ3mN78jqXzkcggbxi4KaHsJbPTT0 X-Received: by 2002:a65:4bc9:0:b0:41d:692e:e9f8 with SMTP id p9-20020a654bc9000000b0041d692ee9f8mr15638349pgr.462.1660613185699; Mon, 15 Aug 2022 18:26:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660613185; cv=none; d=google.com; s=arc-20160816; b=yJI+shGWW5nJjtXsTG2vATNLm1HyEzA2aR1eXCOq6WrC41Qn0ASs7T1g55o+YdPgFF wbyBzl596LjVdqM/2HHhjuCrJz6mco5Yk+NmccyqcLfVOsLdhQoYo5ZVbCMFXLSHnSfu 1+O7nxufwz8DYlxPYNUsbsa8KUYYd7UbQE4NdvE+ng3zQeTWrYuM22fwK26DX+Cslrrt FE9cn33k3OIGA7RRZodmoafjv301WpiNdc7nUkko1OjdCTbplT6HJg++st71WNUXGU03 yUR8R/9L+1OxyAU6fVf1SZf7WM8JXQuGPbinc8KngVsbMA3Sr9tUa8JI6RC4rS+jbH2+ ZArw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=eG0tq9aJ7MAttmERqjxGzsF7AWjEkNq96z4XuNem62g=; b=j5HAog5IvjI9JGjA3DMbw+fpd2ThFxl7gm7O0+mEnfb6OY0c2BHXce85Ol2Ksyhif9 +JGssaM77HBiSYRCfIdD9eMcLh21GLhLypGTue5tX5Yz9mm6/kUDtHm6N0BQXtSlMLGs 6kFxHmmaWtOV+MvMFqaOr/jpUxB+Mmo7i7/JNyKXBAheFBTZFdrGOF1VIQHa8BA/QfuS lqHXmS4noJ7rtNNoMUUZwFK+fbQybEx+VA5C8Cr38DG6S/bGdivVnFi8M30IFdwrI8ok Nes/oi45QBBse9TLS25OCvCdN7cvjOeCSmmJnN31M4Gxmp0sbY8thr6ElRwC99jXycFf MIyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PBaGZb9l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f7-20020a056a00228700b005184183372csi12000454pfe.350.2022.08.15.18.26.00; Mon, 15 Aug 2022 18:26:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PBaGZb9l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353935AbiHOXkA (ORCPT + 99 others); Mon, 15 Aug 2022 19:40:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353929AbiHOXg5 (ORCPT ); Mon, 15 Aug 2022 19:36:57 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C72A152411; Mon, 15 Aug 2022 13:09:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E67E260DE3; Mon, 15 Aug 2022 20:09:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CB6EBC433D7; Mon, 15 Aug 2022 20:09:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660594173; bh=kxzoYOEPOH9+Y+3lO+DaaJftUEo51nXgjw+Ns0g0fJM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PBaGZb9ljwf2AccU0achhb3OJLG65Ratxl1Qt4XGE/5N6r8aTM6Yq4BXBW8QpWXVM i96k1fOTu/2Zj00wiPgPpFvNSvFj6QtlTfKOFrIfMinl4L97xIaJ3ARxUzQKnlIA4k HKiPliBgkuGWZKEgrKgWWNtLoGWWWUzcTLF5I1K4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Tianjia Zhang , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 5.18 1067/1095] KEYS: asymmetric: enforce SM2 signature use pkey algo Date: Mon, 15 Aug 2022 20:07:46 +0200 Message-Id: <20220815180513.186363638@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220815180429.240518113@linuxfoundation.org> References: <20220815180429.240518113@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tianjia Zhang [ Upstream commit 0815291a8fd66cdcf7db1445d4d99b0d16065829 ] The signature verification of SM2 needs to add the Za value and recalculate sig->digest, which requires the detection of the pkey_algo in public_key_verify_signature(). As Eric Biggers said, the pkey_algo field in sig is attacker-controlled and should be use pkey->pkey_algo instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it will also cause signature verification failure. The software_key_determine_akcipher() already forces the algorithms are matched, so the SM3 algorithm is enforced in the SM2 signature, although this has been checked, we still avoid using any algorithm information in the signature as input. Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Reported-by: Eric Biggers Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Tianjia Zhang Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- crypto/asymmetric_keys/public_key.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 7c9e6be35c30..2f8352e88860 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig, BUG_ON(!sig->data); + /* SM2 signatures always use the SM3 hash algorithm */ + if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0) + return -EINVAL; + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN, dgst); if (ret) @@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; - if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && - sig->data_size) { + if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) { ret = cert_sig_digest_update(sig, tfm); if (ret) goto error_free_key; -- 2.35.1