Commit 2c62068a authored by David Howells's avatar David Howells
Browse files

x509: Separately calculate sha256 for blacklist 



Calculate the SHA256 hash for blacklisting purposes independently of the
signature hash (which may be something other than SHA256).

This is necessary because when ML-DSA is used, no digest is calculated.

Note that this represents a change of behaviour in that the hash used for
the blacklist check would previously have been whatever digest was used
for, say, RSA-based signatures.  It may be that this is inadvisable.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
parent d3b6dd90

crypto/asymmetric_keys/x509_parser.h

+2 −0
Original line number Diff line number Diff line
@@ -9,12 +9,14 @@ 
#include <linux/time.h>

#include <crypto/public_key.h>

#include <keys/asymmetric-type.h>

#include <crypto/sha2.h>



struct x509_certificate {

	struct x509_certificate *next;

	struct x509_certificate *signer;	/* Certificate that signed this one */

	struct public_key *pub;			/* Public key details */

	struct public_key_signature *sig;	/* Signature parameters */

	u8		sha256[SHA256_DIGEST_SIZE]; /* Hash for blacklist purposes */

	char		*issuer;		/* Name of certificate issuer */

	char		*subject;		/* Name of certificate subject */

	struct asymmetric_key_id *id;		/* Issuer + Serial number */

crypto/asymmetric_keys/x509_public_key.c

+13 −9
Original line number Diff line number Diff line
@@ -31,6 +31,19 @@ int x509_get_sig_params(struct x509_certificate *cert) 


	pr_devel("==>%s()\n", __func__);



	/* Calculate a SHA256 hash of the TBS and check it against the

	 * blacklist.

	 */

	sha256(cert->tbs, cert->tbs_size, cert->sha256);

	ret = is_hash_blacklisted(cert->sha256, sizeof(cert->sha256),

				  BLACKLIST_HASH_X509_TBS);

	if (ret == -EKEYREJECTED) {

		pr_err("Cert %*phN is blacklisted\n",

		       (int)sizeof(cert->sha256), cert->sha256);

		cert->blacklisted = true;

		ret = 0;

	}



	sig->s = kmemdup(cert->raw_sig, cert->raw_sig_size, GFP_KERNEL);

	if (!sig->s)

		return -ENOMEM;
@@ -69,15 +82,6 @@ int x509_get_sig_params(struct x509_certificate *cert) 
	if (ret < 0)

		goto error_2;



	ret = is_hash_blacklisted(sig->digest, sig->digest_size,

				  BLACKLIST_HASH_X509_TBS);

	if (ret == -EKEYREJECTED) {

		pr_err("Cert %*phN is blacklisted\n",

		       sig->digest_size, sig->digest);

		cert->blacklisted = true;

		ret = 0;

	}



error_2:

	kfree(desc);

error: