    KEYS: asymmetric: enforce SM2 signature use pkey algo · 0815291a
    Tianjia Zhang authored
    The signature verification of SM2 needs to add the Za value and
    recalculate sig->digest, which requires the detection of the pkey_algo
    in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
    field in sig is attacker-controlled, and pkey->pkey_algo should be used
    instead of sig->pkey_algo. Secondly, if sig->pkey_algo is NULL, it
    will also cause signature verification failure.
    
    The software_key_determine_akcipher() already forces the algorithms
    to match, so the SM3 algorithm is enforced in the SM2 signature.
    Although this has been checked, we still avoid using any algorithm
    information in the signature as input.
    
    Fixes: 21552563 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
    Reported-by: Eric Biggers <ebiggers@google.com>
    Cc: stable@vger.kernel.org # v5.10+
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
public_key.c 12 KB