From acddc72015e5bc8f640b02d38b36afd7841c9c14 Mon Sep 17 00:00:00 2001 From: Mat Martineau Date: Mon, 18 Jul 2016 00:10:55 +0100 Subject: KEYS: Fix for erroneous trust of incorrectly signed X.509 certs Arbitrary X.509 certificates without authority key identifiers (AKIs) can be added to "trusted" keyrings, including IMA or EVM certs loaded from the filesystem. Signature verification is currently bypassed for certs without AKIs. Trusted keys were recently refactored, and this bug is not present in 4.6. restrict_link_by_signature should return -ENOKEY (no matching parent certificate found) if the certificate being evaluated has no AKIs, instead of bypassing signature checks and returning 0 (new certificate accepted). Reported-by: Petko Manolov Signed-off-by: Mat Martineau Signed-off-by: David Howells Signed-off-by: James Morris --- crypto/asymmetric_keys/restrict.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/asymmetric_keys') diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index ac4bddf669de..19d1afb9890f 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -87,7 +87,7 @@ int restrict_link_by_signature(struct key *trust_keyring, sig = payload->data[asym_auth]; if (!sig->auth_ids[0] && !sig->auth_ids[1]) - return 0; + return -ENOKEY; if (ca_keyid && !asymmetric_key_id_partial(sig->auth_ids[1], ca_keyid)) return -EPERM; -- cgit v1.2.3