tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Revert "crypto: pkcs7 - remove sha1 support"

This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because it
broke iwd. iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell,
and apparently it is relying on SHA-1 signature support. These UAPIs
are fairly obscure, and their documentation does not mention which
algorithms they support. iwd really should be using a properly
supported userspace crypto library instead. Regardless, since something
broke we have to revert the change.

It may be possible that some parts of this commit can be reinstated
without breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), but
for now this just does a full revert to get things working again.

Reported-by: Karel Balej <balejk@matfyz.cz>
Closes: https://lore.kernel.org/r/CZSHRUIJ4RKL.34T4EASV5DNJM@matfyz.cz
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Karel Balej <balejk@matfyz.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu 203a6763 6a8dbd71

+107 -2
+3
crypto/asymmetric_keys/mscode_parser.c
··· 75 75 76 76 oid = look_up_OID(value, vlen); 77 77 switch (oid) { 78 + case OID_sha1: 79 + ctx->digest_algo = "sha1"; 80 + break; 78 81 case OID_sha256: 79 82 ctx->digest_algo = "sha256"; 80 83 break;
+4
crypto/asymmetric_keys/pkcs7_parser.c
··· 227 227 struct pkcs7_parse_context *ctx = context; 228 228 229 229 switch (ctx->last_oid) { 230 + case OID_sha1: 231 + ctx->sinfo->sig->hash_algo = "sha1"; 232 + break; 230 233 case OID_sha256: 231 234 ctx->sinfo->sig->hash_algo = "sha256"; 232 235 break; ··· 281 278 ctx->sinfo->sig->pkey_algo = "rsa"; 282 279 ctx->sinfo->sig->encoding = "pkcs1"; 283 280 break; 281 + case OID_id_ecdsa_with_sha1: 284 282 case OID_id_ecdsa_with_sha224: 285 283 case OID_id_ecdsa_with_sha256: 286 284 case OID_id_ecdsa_with_sha384:
+2 -1
crypto/asymmetric_keys/public_key.c
··· 115 115 */ 116 116 if (!hash_algo) 117 117 return -EINVAL; 118 - if (strcmp(hash_algo, "sha224") != 0 && 118 + if (strcmp(hash_algo, "sha1") != 0 && 119 + strcmp(hash_algo, "sha224") != 0 && 119 120 strcmp(hash_algo, "sha256") != 0 && 120 121 strcmp(hash_algo, "sha384") != 0 && 121 122 strcmp(hash_algo, "sha512") != 0 &&
+1 -1
crypto/asymmetric_keys/signature.c
··· 115 115 * Sign the specified data blob using the private key specified by params->key. 116 116 * The signature is wrapped in an encoding if params->encoding is specified 117 117 * (eg. "pkcs1"). If the encoding needs to know the digest type, this can be 118 - * passed through params->hash_algo (eg. "sha512"). 118 + * passed through params->hash_algo (eg. "sha1"). 119 119 * 120 120 * Returns the length of the data placed in the signature buffer or an error. 121 121 */
+8
crypto/asymmetric_keys/x509_cert_parser.c
··· 198 198 default: 199 199 return -ENOPKG; /* Unsupported combination */ 200 200 201 + case OID_sha1WithRSAEncryption: 202 + ctx->cert->sig->hash_algo = "sha1"; 203 + goto rsa_pkcs1; 204 + 201 205 case OID_sha256WithRSAEncryption: 202 206 ctx->cert->sig->hash_algo = "sha256"; 203 207 goto rsa_pkcs1; ··· 217 213 case OID_sha224WithRSAEncryption: 218 214 ctx->cert->sig->hash_algo = "sha224"; 219 215 goto rsa_pkcs1; 216 + 217 + case OID_id_ecdsa_with_sha1: 218 + ctx->cert->sig->hash_algo = "sha1"; 219 + goto ecdsa; 220 220 221 221 case OID_id_rsassa_pkcs1_v1_5_with_sha3_256: 222 222 ctx->cert->sig->hash_algo = "sha3-256";
+80
crypto/testmgr.h
··· 653 653 static const struct akcipher_testvec ecdsa_nist_p192_tv_template[] = { 654 654 { 655 655 .key = 656 + "\x04\xf7\x46\xf8\x2f\x15\xf6\x22\x8e\xd7\x57\x4f\xcc\xe7\xbb\xc1" 657 + "\xd4\x09\x73\xcf\xea\xd0\x15\x07\x3d\xa5\x8a\x8a\x95\x43\xe4\x68" 658 + "\xea\xc6\x25\xc1\xc1\x01\x25\x4c\x7e\xc3\x3c\xa6\x04\x0a\xe7\x08" 659 + "\x98", 660 + .key_len = 49, 661 + .params = 662 + "\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48" 663 + "\xce\x3d\x03\x01\x01", 664 + .param_len = 21, 665 + .m = 666 + "\xcd\xb9\xd2\x1c\xb7\x6f\xcd\x44\xb3\xfd\x63\xea\xa3\x66\x7f\xae" 667 + "\x63\x85\xe7\x82", 668 + .m_size = 20, 669 + .algo = OID_id_ecdsa_with_sha1, 670 + .c = 671 + "\x30\x35\x02\x19\x00\xba\xe5\x93\x83\x6e\xb6\x3b\x63\xa0\x27\x91" 672 + "\xc6\xf6\x7f\xc3\x09\xad\x59\xad\x88\x27\xd6\x92\x6b\x02\x18\x10" 673 + "\x68\x01\x9d\xba\xce\x83\x08\xef\x95\x52\x7b\xa0\x0f\xe4\x18\x86" 674 + "\x80\x6f\xa5\x79\x77\xda\xd0", 675 + .c_size = 55, 676 + .public_key_vec = true, 677 + .siggen_sigver_test = true, 678 + }, { 679 + .key = 656 680 "\x04\xb6\x4b\xb1\xd1\xac\xba\x24\x8f\x65\xb2\x60\x00\x90\xbf\xbd" 657 681 "\x78\x05\x73\xe9\x79\x1d\x6f\x7c\x0b\xd2\xc3\x93\xa7\x28\xe1\x75" 658 682 "\xf7\xd5\x95\x1d\x28\x10\xc0\x75\x50\x5c\x1a\x4f\x3f\x8f\xa5\xee" ··· 779 755 780 756 static const struct akcipher_testvec ecdsa_nist_p256_tv_template[] = { 781 757 { 758 + .key = 759 + "\x04\xb9\x7b\xbb\xd7\x17\x64\xd2\x7e\xfc\x81\x5d\x87\x06\x83\x41" 760 + "\x22\xd6\x9a\xaa\x87\x17\xec\x4f\x63\x55\x2f\x94\xba\xdd\x83\xe9" 761 + "\x34\x4b\xf3\xe9\x91\x13\x50\xb6\xcb\xca\x62\x08\xe7\x3b\x09\xdc" 762 + "\xc3\x63\x4b\x2d\xb9\x73\x53\xe4\x45\xe6\x7c\xad\xe7\x6b\xb0\xe8" 763 + "\xaf", 764 + .key_len = 65, 765 + .params = 766 + "\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48" 767 + "\xce\x3d\x03\x01\x07", 768 + .param_len = 21, 769 + .m = 770 + "\xc2\x2b\x5f\x91\x78\x34\x26\x09\x42\x8d\x6f\x51\xb2\xc5\xaf\x4c" 771 + "\x0b\xde\x6a\x42", 772 + .m_size = 20, 773 + .algo = OID_id_ecdsa_with_sha1, 774 + .c = 775 + "\x30\x46\x02\x21\x00\xf9\x25\xce\x9f\x3a\xa6\x35\x81\xcf\xd4\xe7" 776 + "\xb7\xf0\x82\x56\x41\xf7\xd4\xad\x8d\x94\x5a\x69\x89\xee\xca\x6a" 777 + "\x52\x0e\x48\x4d\xcc\x02\x21\x00\xd7\xe4\xef\x52\x66\xd3\x5b\x9d" 778 + "\x8a\xfa\x54\x93\x29\xa7\x70\x86\xf1\x03\x03\xf3\x3b\xe2\x73\xf7" 779 + "\xfb\x9d\x8b\xde\xd4\x8d\x6f\xad", 780 + .c_size = 72, 781 + .public_key_vec = true, 782 + .siggen_sigver_test = true, 783 + }, { 782 784 .key = 783 785 "\x04\x8b\x6d\xc0\x33\x8e\x2d\x8b\x67\xf5\xeb\xc4\x7f\xa0\xf5\xd9" 784 786 "\x7b\x03\xa5\x78\x9a\xb5\xea\x14\xe4\x23\xd0\xaf\xd7\x0e\x2e\xa0" ··· 916 866 917 867 static const struct akcipher_testvec ecdsa_nist_p384_tv_template[] = { 918 868 { 869 + .key = /* secp384r1(sha1) */ 870 + "\x04\x89\x25\xf3\x97\x88\xcb\xb0\x78\xc5\x72\x9a\x14\x6e\x7a\xb1" 871 + "\x5a\xa5\x24\xf1\x95\x06\x9e\x28\xfb\xc4\xb9\xbe\x5a\x0d\xd9\x9f" 872 + "\xf3\xd1\x4d\x2d\x07\x99\xbd\xda\xa7\x66\xec\xbb\xea\xba\x79\x42" 873 + "\xc9\x34\x89\x6a\xe7\x0b\xc3\xf2\xfe\x32\x30\xbe\xba\xf9\xdf\x7e" 874 + "\x4b\x6a\x07\x8e\x26\x66\x3f\x1d\xec\xa2\x57\x91\x51\xdd\x17\x0e" 875 + "\x0b\x25\xd6\x80\x5c\x3b\xe6\x1a\x98\x48\x91\x45\x7a\x73\xb0\xc3" 876 + "\xf1", 877 + .key_len = 97, 878 + .params = 879 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 880 + "\x00\x22", 881 + .param_len = 18, 882 + .m = 883 + "\x12\x55\x28\xf0\x77\xd5\xb6\x21\x71\x32\x48\xcd\x28\xa8\x25\x22" 884 + "\x3a\x69\xc1\x93", 885 + .m_size = 20, 886 + .algo = OID_id_ecdsa_with_sha1, 887 + .c = 888 + "\x30\x66\x02\x31\x00\xf5\x0f\x24\x4c\x07\x93\x6f\x21\x57\x55\x07" 889 + "\x20\x43\x30\xde\xa0\x8d\x26\x8e\xae\x63\x3f\xbc\x20\x3a\xc6\xf1" 890 + "\x32\x3c\xce\x70\x2b\x78\xf1\x4c\x26\xe6\x5b\x86\xcf\xec\x7c\x7e" 891 + "\xd0\x87\xd7\xd7\x6e\x02\x31\x00\xcd\xbb\x7e\x81\x5d\x8f\x63\xc0" 892 + "\x5f\x63\xb1\xbe\x5e\x4c\x0e\xa1\xdf\x28\x8c\x1b\xfa\xf9\x95\x88" 893 + "\x74\xa0\x0f\xbf\xaf\xc3\x36\x76\x4a\xa1\x59\xf1\x1c\xa4\x58\x26" 894 + "\x79\x12\x2a\xb7\xc5\x15\x92\xc5", 895 + .c_size = 104, 896 + .public_key_vec = true, 897 + .siggen_sigver_test = true, 898 + }, { 919 899 .key = /* secp384r1(sha224) */ 920 900 "\x04\x69\x6c\xcf\x62\xee\xd0\x0d\xe5\xb5\x2f\x70\x54\xcf\x26\xa0" 921 901 "\xd9\x98\x8d\x92\x2a\xab\x9b\x11\xcb\x48\x18\xa1\xa9\x0d\xd5\x18"
+4
include/linux/oid_registry.h
··· 17 17 * build_OID_registry.pl to generate the data for look_up_OID(). 18 18 */ 19 19 enum OID { 20 + OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */ 20 21 OID_id_dsa, /* 1.2.840.10040.4.1 */ 21 22 OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */ 22 23 OID_id_prime192v1, /* 1.2.840.10045.3.1.1 */ 23 24 OID_id_prime256v1, /* 1.2.840.10045.3.1.7 */ 25 + OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */ 24 26 OID_id_ecdsa_with_sha224, /* 1.2.840.10045.4.3.1 */ 25 27 OID_id_ecdsa_with_sha256, /* 1.2.840.10045.4.3.2 */ 26 28 OID_id_ecdsa_with_sha384, /* 1.2.840.10045.4.3.3 */ ··· 30 28 31 29 /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */ 32 30 OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */ 31 + OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */ 33 32 OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */ 34 33 OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */ 35 34 OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */ ··· 67 64 OID_PKU2U, /* 1.3.5.1.5.2.7 */ 68 65 OID_Scram, /* 1.3.6.1.5.5.14 */ 69 66 OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */ 67 + OID_sha1, /* 1.3.14.3.2.26 */ 70 68 OID_id_ansip384r1, /* 1.3.132.0.34 */ 71 69 OID_sha256, /* 2.16.840.1.101.3.4.2.1 */ 72 70 OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
+5
kernel/module/Kconfig
··· 236 236 possible to load a signed module containing the algorithm to check 237 237 the signature on that module. 238 238 239 + config MODULE_SIG_SHA1 240 + bool "Sign modules with SHA-1" 241 + select CRYPTO_SHA1 242 + 239 243 config MODULE_SIG_SHA256 240 244 bool "Sign modules with SHA-256" 241 245 select CRYPTO_SHA256 ··· 269 265 config MODULE_SIG_HASH 270 266 string 271 267 depends on MODULE_SIG || IMA_APPRAISE_MODSIG 268 + default "sha1" if MODULE_SIG_SHA1 272 269 default "sha256" if MODULE_SIG_SHA256 273 270 default "sha384" if MODULE_SIG_SHA384 274 271 default "sha512" if MODULE_SIG_SHA512