Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KEYS: asymmetric: enforce SM2 signature use pkey algo
The signature verification of SM2 needs to add the Za value and recalculate sig->digest, which requires the detection of the pkey_algo in public_key_verify_signature(). As Eric Biggers said, the pkey_algo field in sig is attacker-controlled and should be use pkey->pkey_algo instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it will also cause signature verification failure. The software_key_determine_akcipher() already forces the algorithms are matched, so the SM3 algorithm is enforced in the SM2 signature, although this has been checked, we still avoid using any algorithm information in the signature as input. Fixes: 2155256 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Reported-by: Eric Biggers <[email protected]> Cc: [email protected] # v5.10+ Signed-off-by: Tianjia Zhang <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
- Loading branch information