KEYS: Do not trust certs with missing auth IDs

Message ID 20160711215729.18614-1-mathew.j.martineau@linux.intel.com
State New

Commit Message

Mat Martineau July 11, 2016, 9:57 p.m. UTC
restrict_link_by_signature should return -ENOKEY (no matching parent
certificate found) if the certificate being evaluated has no authority
key identifiers, instead of bypassing signature checks and returning 0
(new certificate accepted).

Reported-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
 crypto/asymmetric_keys/restrict.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Howells July 14, 2016, 3:15 p.m. UTC | #1
Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:

> -		return 0;
> +		return -ENOKEY;

This is the same as your patch ensubjected:

	KEYS: Fix for erroneous trust of incorrectly signed X.509 certs

right?

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Mat Martineau July 14, 2016, 4:39 p.m. UTC | #2
On Thu, 14 Jul 2016, David Howells wrote:

> Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:
>
>> -		return 0;
>> +		return -ENOKEY;
>
> This is the same as your patch ensubjected:
>
> 	KEYS: Fix for erroneous trust of incorrectly signed X.509 certs
>
> right?

Right.

--
Mat Martineau
Intel OTC

Patch

diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index ac4bddf..19d1afb9 100644
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -87,7 +87,7 @@  int restrict_link_by_signature(struct key *trust_keyring,
 
 	sig = payload->data[asym_auth];
 	if (!sig->auth_ids[0] && !sig->auth_ids[1])
-		return 0;
+		return -ENOKEY;
 
 	if (ca_keyid && !asymmetric_key_id_partial(sig->auth_ids[1], ca_keyid))
 		return -EPERM;
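
Review bot: The changed return under `if (!sig->auth_ids[0] && !sig->auth_ids[1])` flips this branch from accept to reject, yet nothing at the check says why, so add a one-line comment there stating that a certificate with no authority key identifiers cannot be matched to a parent key and must not be linked. Since returning 0 here accepted a certificate without any signature check, the commit message would also benefit from a Fixes: tag so the change can be tracked for backports. Separately, the context lines dereference `sig` right after `sig = payload->data[asym_auth];` with no NULL check visible in this hunk; worth confirming that the payload always carries signature data at this point.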