[Skiboot] [PATCH v2] secvar/backend: require sha256 in our PKCS#7 messages

Nayna nayna at linux.vnet.ibm.com
Thu Jun 24 04:04:50 AEST 2021

On 6/22/21 10:51 PM, Daniel Axtens wrote:
> We only handle sha256 hashes in auth structures.
> In the process of verifying an auth structure, we extract the pkcs7
> message and we calculate the hopefully-matching hash, which is
> sha256(name || vendor guid || attributes || timestamp || newcontent)
> We then verify that the PKCS#7 signature matches that calculated hash.
> However, at no point do we check that the PKCS#7 hash algorithm is
> sha256. So if the PKCS#7 message says that it is a signature on a sha512,
> mbedtls will compare 64 bytes of hash from the signature with 64 bytes
> from our hash, resulting in a 32 byte overread.
> Verify that the hash algorithm in the PKCS#7 message is sha256.
> Signed-off-by: Daniel Axtens <dja at axtens.net>
> ---
> This is the minimal fix for the underlying bug. It should probably
> go in ahead of any potential future reworking of the area.
> v2: thanks Nick and Nayna for your feedback. Added error messages
>      and properly cleaned up the pkcs7 structure.
> As always, compile tested only because I don't have access to a box
> set up to test this.

I think it would be good if you can update edk2 testcases as well for 
this fix. I am referring to - libstb/secvar/test/secvar-test-edk2-compat.c

These can be used to verify the fixes in absence of real setup.

Thanks & Regards,

      - Nayna

More information about the Skiboot mailing list