[Skiboot] [PATCH v3] secvar/backend: require sha256 in our PKCS#7 messages
Nayna
nayna at linux.vnet.ibm.com
Fri Jun 25 08:49:22 AEST 2021
On 6/24/21 4:43 AM, Daniel Axtens wrote:
> We only handle sha256 hashes in auth structures.
>
> In the process of verifying an auth structure, we extract the pkcs7
> message and we calculate the hopefully-matching hash, which is
> sha256(name || vendor guid || attributes || timestamp || newcontent)
> We then verify that the PKCS#7 signature matches that calculated hash.
>
> However, at no point do we check that the PKCS#7 hash algorithm is
> sha256. So if the PKCS#7 message says that it is a signature on a sha512,
> mbedtls will compare 64 bytes of hash from the signature with 64 bytes
> from our hash, resulting in a 32 byte overread.
>
> Verify that the hash algorithm in the PKCS#7 message is sha256.
>
> Add a test.
>
> Signed-off-by: Daniel Axtens <dja at axtens.net>
Thanks Daniel !! Tested on hardware.
Reviewed-by: Nayna Jain <nayna at linux.ibm.com>
Tested-by: Nayna Jain <nayna at linux.ibm.com>
More information about the Skiboot
mailing list