From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752149AbcAEQIf (ORCPT ); Tue, 5 Jan 2016 11:08:35 -0500 Received: from e28smtp01.in.ibm.com ([125.16.236.1]:54210 "EHLO e28smtp01.in.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751587AbcAEQId (ORCPT ); Tue, 5 Jan 2016 11:08:33 -0500 X-IBM-Helo: d28dlp03.in.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: keyrings@vger.kernel.org;linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org Message-ID: <1452010098.2772.169.camel@linux.vnet.ibm.com> Subject: Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2] From: Mimi Zohar To: David Howells Cc: dwmw2@infradead.org, David Woodhouse , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, Petko Manolov Date: Tue, 05 Jan 2016 11:08:18 -0500 In-Reply-To: <20160105154703.31650.95150.stgit@warthog.procyon.org.uk> References: <20160105154703.31650.95150.stgit@warthog.procyon.org.uk> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16010516-4790-0000-0000-00000C85CC31 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2016-01-05 at 15:47 +0000, David Howells wrote: > If a certificate is self-signed, don't bother checking the validity of the > signature. The cert cannot be checked by validation against the next one > in the chain as this is the root of the chain. Trust for this certificate > can only be determined by whether we obtained it from a trusted location > (ie. it was built into the kernel at compile time). > > This also fixes a bug whereby certificates were being assumed to be > self-signed if they had neither AKID nor SKID, the symptoms of which show > up as an attempt to load a certificate failing with -ERANGE or -EBADMSG. > This is produced from the RSA module when the result of calculating "m = > s^e mod n" is checked. > > Signed-off-by: David Howells > cc: David Woodhouse > cc: Mimi Zohar > --- > > crypto/asymmetric_keys/x509_public_key.c | 25 ++++++++++++++++--------- > 1 file changed, 16 insertions(+), 9 deletions(-) > > diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c > index 2a44b3752471..26e1937af7f4 100644 > --- a/crypto/asymmetric_keys/x509_public_key.c > +++ b/crypto/asymmetric_keys/x509_public_key.c > @@ -255,6 +255,9 @@ static int x509_validate_trust(struct x509_certificate *cert, > struct key *key; > int ret = 1; > > + if (!cert->akid_id || !cert->akid_skid) > + return 1; > + > if (!trust_keyring) > return -EOPNOTSUPP; > > @@ -312,17 +315,21 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) > cert->pub->algo = pkey_algo[cert->pub->pkey_algo]; > cert->pub->id_type = PKEY_ID_X509; > > - /* Check the signature on the key if it appears to be self-signed */ > - if ((!cert->akid_skid && !cert->akid_id) || > - asymmetric_key_id_same(cert->skid, cert->akid_skid) || > - asymmetric_key_id_same(cert->id, cert->akid_id)) { > - ret = x509_check_signature(cert->pub, cert); /* self-signed */ > - if (ret < 0) > - goto error_free_cert; > - } else if (!prep->trusted) { > + /* See if we can derive the trustability of this certificate. > + * > + * When it comes to self-signed certificates, we cannot evaluate > + * trustedness except by the fact that we obtained it from a trusted > + * location. So we just rely on x509_validate_trust() failing in this > + * case. > + * > + * Note that there's a possibility of a self-signed cert matching a > + * cert that we have (most likely a duplicate that we already trust) - > + * in which case it will be marked trusted. > + */ > + if (!prep->trusted) { > ret = x509_validate_trust(cert, get_system_trusted_keyring()); > if (!ret) > - prep->trusted = 1; > + prep->trusted = true; > } You're missing Petko's patch: 41c89b6 IMA: create machine owner and blacklist keyrings Mimi > > /* Propose a description */ >