From: Herbert Xu <herbert@gondor.apana.org.au>
To: Denis Kenzior <denkenz@gmail.com>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Marcel Holtmann <marcel@holtmann.org>,
James Prestwood <prestwoj@gmail.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>
Subject: [PATCH] KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash
Date: Mon, 16 Oct 2023 16:35:36 +0800
Message-ID: <ZSz12KHsfJmZGjKz@gondor.apana.org.au>
In-Reply-To: <c917020d-0cb0-4289-a2e3-d9a0fa28151a@gmail.com>
On Thu, Oct 12, 2023 at 10:08:46AM -0500, Denis Kenzior wrote:
>
> Looks like something took out the ability to run sign/verify without a hash
> on asymmetric keys.
Indeed this is what it was. Please try this patch. Thanks!
---8<---
The new sign/verify code broke the case of pkcs1pad without a
hash algorithm. Fix it by setting issig correctly for this case.
Fixes: 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists")
Cc: stable@vger.kernel.org # v6.5
Reported-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index abeecb8329b3..2f9181c4cd59 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -81,14 +81,13 @@ software_key_determine_akcipher(const struct public_key *pkey,
* RSA signatures usually use EMSA-PKCS1-1_5 [RFC3447 sec 8.2].
*/
if (strcmp(encoding, "pkcs1") == 0) {
+ *sig = op == kernel_pkey_sign ||
+ op == kernel_pkey_verify;
if (!hash_algo) {
- *sig = false;
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
"pkcs1pad(%s)",
pkey->pkey_algo);
} else {
- *sig = op == kernel_pkey_sign ||
- op == kernel_pkey_verify;
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
"pkcs1pad(%s,%s)",
pkey->pkey_algo, hash_algo);
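Review bot: The hoisted `*sig = op == kernel_pkey_sign || op == kernel_pkey_verify;` at the top of the `strcmp(encoding, "pkcs1") == 0` block now also governs the `!hash_algo` branch, but nothing in the code states that the hashless `pkcs1pad(%s)` case is meant to take the signature path for sign/verify. A short comment at that assignment, saying that PKCS#1 sign/verify without a hash algorithm is supported and shares this setting, would keep a later cleanup from reintroducing `*sig = false` in the `!hash_algo` branch. For any op other than kernel_pkey_sign and kernel_pkey_verify the expression still evaluates to false, so the hashless branch behaves as before for those callers.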
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt