Eric Biggers 590bfb57b2 KEYS: asymmetric: properly validate hash_algo and encoding ... It is insecure to allow arbitrary hash algorithms and signature encodings to be used with arbitrary signature algorithms. Notably, ECDSA, ECRDSA, and SM2 all sign/verify raw hash values and don't disambiguate between different hash algorithms like RSA PKCS#1 v1.5 padding does. Therefore, they need to be restricted to certain sets of hash algorithms (ideally just one, but in practice small sets are used). Additionally, the encoding is an integral part of modern signature algorithms, and is not supposed to vary. Therefore, tighten the checks of hash_algo and encoding done by software_key_determine_akcipher(). Also rearrange the parameters to software_key_determine_akcipher() to put the public_key first, as this is the most important parameter and it often determines everything else. Fixes: 299f561a66 ("x509: Add support for parsing x509 certs with ECDSA keys") Fixes: 2155256396 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Fixes: 0d7a78643f ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm") Cc: stable@vger.kernel.org Tested-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Vitaly Chikunov <vt@altlinux.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>		2022-03-10 01:47:13 +02:00
..
asymmetric_keys	KEYS: asymmetric: properly validate hash_algo and encoding	2022-03-10 01:47:13 +02:00
async_tx	async_xor: check src_offs is not NULL before updating it	2021-06-10 19:40:14 -07:00
842.c
acompress.c
adiantum.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
aead.c
aegis.h	crypto: aegis128 - Move simd prototypes into aegis.h	2021-03-19 21:59:45 +11:00
aegis128-core.c	crypto: aegis128 - Move simd prototypes into aegis.h	2021-03-19 21:59:45 +11:00
aegis128-neon-inner.c	crypto: aegis128/neon - move final tag check to SIMD domain	2020-11-27 17:13:40 +11:00
aegis128-neon.c	crypto: aegis128 - Move simd prototypes into aegis.h	2021-03-19 21:59:45 +11:00
aes_generic.c
aes_ti.c
af_alg.c	crypto: af_alg - get rid of alg_memory_allocated	2022-02-15 14:29:04 +00:00
ahash.c	crypto: ahash - Add init_tfm/exit_tfm	2020-08-28 16:58:28 +10:00
akcipher.c
algapi.c	crypto: api - Move cryptomgr soft dependency into algapi	2022-02-05 15:10:07 +11:00
algboss.c	exit: Rename module_put_and_exit to module_put_and_kthread_exit	2021-12-13 12:04:45 -06:00
algif_aead.c	crypto: algif_aead - Do not set MAY_BACKLOG on the async path	2020-08-21 14:45:27 +10:00
algif_hash.c
algif_rng.c	crypto: af_alg - add extra parameters for DRBG interface	2020-09-25 17:48:52 +10:00
algif_skcipher.c	crypto: algif_skcipher - EBUSY on aio should be an error	2020-08-21 14:45:26 +10:00
ansi_cprng.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
anubis.c
api.c	crypto: api - Move cryptomgr soft dependency into algapi	2022-02-05 15:10:07 +11:00
arc4.c	crypto: arc4 - mark ecb(arc4) skcipher as obsolete	2020-09-11 14:39:16 +10:00
authenc.c
authencesn.c
blake2b_generic.c	crypto: blake2b - update file comment	2021-01-03 08:41:39 +11:00
blake2s_generic.c	lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI	2022-02-04 19:22:32 +01:00
blowfish_common.c
blowfish_generic.c	crypto: blowfish - use unaligned accessors instead of alignmask	2021-02-10 17:55:56 +11:00
camellia_generic.c	crypto: camellia - use unaligned accessors instead of alignmask	2021-02-10 17:55:56 +11:00
cast5_generic.c	crypto: cast5 - use unaligned accessors instead of alignmask	2021-02-10 17:55:56 +11:00
cast6_generic.c	crypto: cast6 - use unaligned accessors instead of alignmask	2021-02-10 17:55:56 +11:00
cast_common.c
cbc.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
ccm.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
cfb.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
chacha20poly1305.c
chacha_generic.c
cipher.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
cmac.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
compress.c
crc32_generic.c	crypto: crc32-generic - Use SPDX-License-Identifier	2021-04-16 21:24:27 +10:00
crc32c_generic.c	crypto: crc32c_generic - delete and fix duplicated words	2020-08-21 14:45:25 +10:00
crct10dif_common.c
crct10dif_generic.c	crypto: crct10dif_generic - fix duplicated words	2020-08-21 14:45:25 +10:00
cryptd.c
crypto_engine.c	crypto: engine - Add KPP Support to Crypto Engine	2021-10-29 21:04:03 +08:00
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
cts.c
curve25519-generic.c
deflate.c
des_generic.c
dh.c	crypto: dh - remove duplicate includes	2021-12-11 16:48:05 +11:00
dh_helper.c
drbg.c	crypto: drbg - ignore jitterentropy errors if not in FIPS mode	2021-12-11 16:48:06 +11:00
ecb.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
ecc.c	crypto: ecc - Export additional helper functions	2021-10-29 21:04:03 +08:00
ecc_curve_defs.h	Merge branch 'ecc'	2021-03-26 19:55:55 +11:00
ecdh.c	crypto: ecc - Move ecc.h to include/crypto/internal	2021-10-29 21:04:03 +08:00
ecdh_helper.c	crypto: ecdh - move curve_id of ECDH from the key to algorithm name	2021-03-13 00:04:03 +11:00
ecdsa.c	crypto: ecc - Move ecc.h to include/crypto/internal	2021-10-29 21:04:03 +08:00
ecdsasignature.asn1	crypto: ecdsa - Add support for ECDSA signature verification	2021-03-26 19:41:58 +11:00
echainiv.c
ecrdsa.c	crypto: ecc - Move ecc.h to include/crypto/internal	2021-10-29 21:04:03 +08:00
ecrdsa_defs.h	crypto: ecc - Move ecc.h to include/crypto/internal	2021-10-29 21:04:03 +08:00
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
essiv.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
fcrypt.c	crypto: fcrypt - Remove 'do while(0)' loop for single statement macro	2021-04-02 18:28:13 +11:00
fips.c
gcm.c
geniv.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h	crypto: api - Fix built-in testing dependency failures	2021-09-24 16:03:05 +08:00
jitterentropy-kcapi.c	crypto: jitter - don't limit ->health_failure check to FIPS mode	2021-12-11 16:48:06 +11:00
jitterentropy.c	crypto: jitter - add oversampling of noise source	2021-12-31 18:10:54 +11:00
jitterentropy.h	crypto: jitter - don't limit ->health_failure check to FIPS mode	2021-12-11 16:48:06 +11:00
Kconfig	lib/crypto: add prompts back to crypto libraries	2022-01-18 13:03:55 +01:00
kdf_sp800108.c	crypto: kdf - add SP800-108 counter key derivation function	2021-11-26 16:25:17 +11:00
keywrap.c	crypto: keywrap - Remove else after break statement	2021-04-02 18:28:13 +11:00
khazad.c	crypto: khazad,wp512 - remove leading spaces before tabs	2021-05-28 15:11:44 +08:00
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile	crypto: kdf - add SP800-108 counter key derivation function	2021-11-26 16:25:17 +11:00
md4.c
md5.c
memneq.c
michael_mic.c	crypto: michael_mic - fix broken misalignment handling	2021-02-10 17:55:55 +11:00
nhpoly1305.c
ofb.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
pcbc.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
pcrypt.c	crypto: pcrypt - Delay write to padata->info	2021-10-29 21:04:04 +08:00
poly1305_generic.c
proc.c	crypto: proc - Removing some useless only space lines	2020-09-25 17:48:15 +10:00
ripemd.h	crypto: rmd320 - remove RIPE-MD 320 hash algorithm	2021-01-29 16:07:04 +11:00
rmd160.c
rng.c	crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS	2021-04-02 18:28:12 +11:00
rsa-pkcs1pad.c	crypto: algapi - Remove skbuff.h inclusion	2020-08-20 14:04:28 +10:00
rsa.c	crypto: rsa - limit key size to 2048 in FIPS mode	2021-11-26 16:25:18 +11:00
rsa_helper.c
rsaprivkey.asn1
rsapubkey.asn1
scatterwalk.c
scompress.c
seed.c	crypto: seed - remove trailing semicolon in macro definition	2020-12-04 18:13:16 +11:00
seqiv.c
serpent_generic.c	crypto: serpent - Fix sparse byte order warnings	2021-03-07 15:13:15 +11:00
sha1_generic.c	crypto: sha - split sha.h into sha1.h and sha2.h	2020-11-20 14:45:33 +11:00
sha3_generic.c
sha256_generic.c	crypto: sha256 - remove duplicate generic hash init function	2021-12-31 18:10:54 +11:00
sha512_generic.c	crypto: sha512 - remove imaginary and mystifying clearing of variables	2021-08-27 16:30:19 +08:00
shash.c	crypto: shash - avoid comparing pointers to exported functions under CFI	2021-06-17 15:07:31 +08:00
simd.c
skcipher.c	crypto: skcipher - in_irq() cleanup	2021-08-21 15:44:58 +08:00
sm2.c	crypto: sm2 - fix a memory leak in sm2	2021-06-11 15:03:30 +08:00
sm2signature.asn1	crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm	2020-09-25 17:48:54 +10:00
sm3_generic.c	crypto: sm3 - export crypto_sm3_final function	2020-09-25 17:48:53 +10:00
sm4_generic.c	crypto: arm64/sm4-ce - Make dependent on sm4 library instead of sm4-generic	2021-07-30 10:58:30 +08:00
streebog_generic.c
tcrypt.c	crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks	2021-10-22 20:25:03 +08:00
tcrypt.h	crypto: tcrypt - Add support for hash speed testing with keys	2020-08-21 14:45:27 +10:00
tea.c
testmgr.c	crypto: des - disallow des3 in FIPS mode	2021-11-26 16:25:18 +11:00
testmgr.h	crypto: testmgr - Fix wrong test case of RSA	2021-11-20 15:02:08 +11:00
twofish_common.c
twofish_generic.c	crypto: twofish - use unaligned accessors instead of alignmask	2021-02-10 17:55:57 +11:00
vmac.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
wp512.c	crypto: wp512 - correct a non-kernel-doc comment	2021-08-12 19:32:17 +08:00
xcbc.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
xor.c	Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6	2021-02-21 17:23:56 -08:00
xts.c	crypto: remove cipher routines from public crypto API	2021-01-03 08:41:35 +11:00
xxhash_generic.c
zstd.c	lib: zstd: Add kernel-specific API	2021-11-08 16:55:21 -08:00