WSL2-Linux-Kernel/crypto/asymmetric_keys
Tianjia Zhang 84075af9fb KEYS: asymmetric: enforce SM2 signature use pkey algo
[ Upstream commit 0815291a8f ]

The signature verification of SM2 needs to add the Za value and
recalculate sig->digest, which requires the detection of the pkey_algo
in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
field in sig is attacker-controlled and should be use pkey->pkey_algo
instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
will also cause signature verification failure.

The software_key_determine_akcipher() already forces the algorithms
are matched, so the SM3 algorithm is enforced in the SM2 signature,
although this has been checked, we still avoid using any algorithm
information in the signature as input.

Fixes: 2155256396 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-08-17 14:24:28 +02:00
..
Kconfig crypto: asymmetric_keys - select CRYPTO_HASH where needed 2019-06-27 14:28:01 +08:00
Makefile X.509: Fix modular build of public_key_sm2 2020-10-08 16:39:14 +11:00
asym_tpm.c crypto: asym_tpm: correct zero out potential secrets 2020-12-31 10:48:53 +01:00
asymmetric_keys.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
asymmetric_type.c KEYS: asymmetric: Fix kerneldoc 2021-01-21 16:16:09 +00:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_key_type.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7_parser.c certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one 2021-01-21 16:16:09 +00:00
pkcs7_verify.c KEYS: asymmetric: enforce that sig algo matches key algo 2022-04-08 14:22:51 +02:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
pkcs8_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
public_key.c KEYS: asymmetric: enforce SM2 signature use pkey algo 2022-08-17 14:24:28 +02:00
restrict.c keys: Update comment for restrict_link_by_key_or_keyring_chain 2021-02-16 10:40:27 +02:00
signature.c docs: crypto: convert asymmetric-keys.txt to ReST 2020-06-19 14:03:46 -06:00
tpm.asn1 KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
tpm_parser.c KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
verify_pefile.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
verify_pefile.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509.asn1 X.509: parse public key parameters from x509 for akcipher 2019-04-18 22:15:02 +08:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c x509: Add OID for NIST P384 and extend parser for it 2021-03-26 19:41:59 +11:00
x509_parser.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509_public_key.c KEYS: asymmetric: enforce that sig algo matches key algo 2022-04-08 14:22:51 +02:00