lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260120211232.GB2657@quark>
Date: Tue, 20 Jan 2026 13:12:32 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: David Howells <dhowells@...hat.com>
Cc: Lukas Wunner <lukas@...ner.de>, Ignat Korchagin <ignat@...udflare.com>,
	Jarkko Sakkinen <jarkko@...nel.org>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Petr Pavlu <petr.pavlu@...e.com>,
	Daniel Gomez <da.gomez@...nel.org>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	"Jason A . Donenfeld" <Jason@...c4.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Stephan Mueller <smueller@...onox.de>, linux-crypto@...r.kernel.org,
	keyrings@...r.kernel.org, linux-modules@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v13 02/12] pkcs7: Allow the signing algo to calculate the
 digest itself

On Tue, Jan 20, 2026 at 02:50:48PM +0000, David Howells wrote:
> replace sig->digest with a copy of the contents of the
> authenticatedAttributes section and adjust the digest length to match.

As I mentioned on v11, it's misleading to start using the term digest
for something that isn't a digest.

Naturally, this confusing introduction of non-digest digests seems to
have already caused a bug: IMA calls pkcs7_get_digest() to calculate the
digest of the module.  But now that's no longer necessarily a digest.
It could be the entire signed attributes.

For security-critical code like this we need to have a clear design, not
just patch in hacks that overload existing code like this.

I'll also note that this commit doesn't fully implement "Allow the
signing algo to calculate the digest itself" as claimed, since only the
signed attributes case is handled.  It looks like the next patch is
intended to handle the other case.  But it's not made clear at all that
it's a two-part thing; this patch implies that it's complete.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ