| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1452010098.2772.169.camel@linux.vnet.ibm.com>
Date: Tue, 05 Jan 2016 11:08:18 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: David Howells <dhowells@...hat.com>
Cc: dwmw2@...radead.org, David Woodhouse <David.Woodhouse@...el.com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
Petko Manolov <petkan@...-labs.com>
Subject: Re: [RFC PATCH] X.509: Don't check the signature on apparently
self-signed keys [ver #2]
On Tue, 2016-01-05 at 15:47 +0000, David Howells wrote:
> If a certificate is self-signed, don't bother checking the validity of the
> signature. The cert cannot be checked by validation against the next one
> in the chain as this is the root of the chain. Trust for this certificate
> can only be determined by whether we obtained it from a trusted location
> (ie. it was built into the kernel at compile time).
>
> This also fixes a bug whereby certificates were being assumed to be
> self-signed if they had neither AKID nor SKID, the symptoms of which show
> up as an attempt to load a certificate failing with -ERANGE or -EBADMSG.
> This is produced from the RSA module when the result of calculating "m =
> s^e mod n" is checked.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: David Woodhouse <David.Woodhouse@...el.com>
> cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> ---
>
> crypto/asymmetric_keys/x509_public_key.c | 25 ++++++++++++++++---------
> 1 file changed, 16 insertions(+), 9 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
> index 2a44b3752471..26e1937af7f4 100644
> --- a/crypto/asymmetric_keys/x509_public_key.c
> +++ b/crypto/asymmetric_keys/x509_public_key.c
> @@ -255,6 +255,9 @@ static int x509_validate_trust(struct x509_certificate *cert,
> struct key *key;
> int ret = 1;
>
> + if (!cert->akid_id || !cert->akid_skid)
> + return 1;
> +
> if (!trust_keyring)
> return -EOPNOTSUPP;
>
> @@ -312,17 +315,21 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
> cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
> cert->pub->id_type = PKEY_ID_X509;
>
> - /* Check the signature on the key if it appears to be self-signed */
> - if ((!cert->akid_skid && !cert->akid_id) ||
> - asymmetric_key_id_same(cert->skid, cert->akid_skid) ||
> - asymmetric_key_id_same(cert->id, cert->akid_id)) {
> - ret = x509_check_signature(cert->pub, cert); /* self-signed */
> - if (ret < 0)
> - goto error_free_cert;
> - } else if (!prep->trusted) {
> + /* See if we can derive the trustability of this certificate.
> + *
> + * When it comes to self-signed certificates, we cannot evaluate
> + * trustedness except by the fact that we obtained it from a trusted
> + * location. So we just rely on x509_validate_trust() failing in this
> + * case.
> + *
> + * Note that there's a possibility of a self-signed cert matching a
> + * cert that we have (most likely a duplicate that we already trust) -
> + * in which case it will be marked trusted.
> + */
> + if (!prep->trusted) {
> ret = x509_validate_trust(cert, get_system_trusted_keyring());
> if (!ret)
> - prep->trusted = 1;
> + prep->trusted = true;
> }
You're missing Petko's patch:
41c89b6 IMA: create machine owner and blacklist keyrings
Mimi
>
> /* Propose a description */
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists