Patch "KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash" has been added to the 6.5-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 21 Oct 2023 22:01:41 +0200

This is a note to let you know that I've just added the patch titled

    KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     keys-asymmetric-fix-sign-verify-on-pkcs1pad-without-a-hash.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b11950356c4b416d2e87941f3aa7a8bf089db72b Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Oct 2023 16:35:36 +0800
Subject: KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash

From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

commit b11950356c4b416d2e87941f3aa7a8bf089db72b upstream.

The new sign/verify code broke the case of pkcs1pad without a
hash algorithm.  Fix it by setting issig correctly for this case.

Fixes: 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists")
Cc: stable@xxxxxxxxxxxxxxx # v6.5
Reported-by: Denis Kenzior <denkenz@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Tested-by: Denis Kenzior <denkenz@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 crypto/asymmetric_keys/public_key.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index abeecb8329b3..1dcab27986a6 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -81,14 +81,13 @@ software_key_determine_akcipher(const struct public_key *pkey,
 		 * RSA signatures usually use EMSA-PKCS1-1_5 [RFC3447 sec 8.2].
 		 */
 		if (strcmp(encoding, "pkcs1") == 0) {
+			*sig = op == kernel_pkey_sign ||
+			       op == kernel_pkey_verify;
 			if (!hash_algo) {
-				*sig = false;
 				n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
 					     "pkcs1pad(%s)",
 					     pkey->pkey_algo);
 			} else {
-				*sig = op == kernel_pkey_sign ||
-				       op == kernel_pkey_verify;
 				n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
 					     "pkcs1pad(%s,%s)",
 					     pkey->pkey_algo, hash_algo);
-- 
2.42.0



Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are

queue-6.5/xfrm-fix-a-data-race-in-xfrm_gen_index.patch
queue-6.5/keys-asymmetric-fix-sign-verify-on-pkcs1pad-without-a-hash.patch






