KEYS: asymmetric: enforce SM2 signature use pkey algo (0815291a) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit 0815291a authored Jun 28, 2022 by

Tianjia Zhang Committed by Jarkko Sakkinen Aug 03, 2022

KEYS: asymmetric: enforce SM2 signature use pkey algo

The signature verification of SM2 needs to add the Za value and
recalculate sig->digest, which requires the detection of the pkey_algo
in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
field in sig is attacker-controlled and should be use pkey->pkey_algo
instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
will also cause signature verification failure.

The software_key_determine_akcipher() already forces the algorithms
are matched, so the SM3 algorithm is enforced in the SM2 signature,
although this has been checked, we still avoid using any algorithm
information in the signature as input.

Fixes: 21552563

 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

parent d35f42ca

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 84075af9
· Aug 18, 2022

mentioned in commit 84075af9

mentioned in commit 84075af9fb4a895cb6c9a880107a8ee0476afb08

Toggle commit list
mirror @mirror
mentioned in commit f8b4a294
· Aug 18, 2022

mentioned in commit f8b4a294

mentioned in commit f8b4a29481582bea75d57c1742a5200dbd27e8ef

Toggle commit list
mirror @mirror
mentioned in commit 26ad6b0a
· Aug 18, 2022

mentioned in commit 26ad6b0a

mentioned in commit 26ad6b0aef0c807cfc738e23339f4ce2aab7be95

Toggle commit list
mirror @mirror
mentioned in commit 0e48eaf7
· Aug 22, 2022

mentioned in commit 0e48eaf7

mentioned in commit 0e48eaf75d18e70fed6c0f35388b484bcae1e31e

Toggle commit list

Please register or to comment