PKCS#7: fix direct verification of SignerInfo signature
authorEric Biggers <ebiggers@google.com>
Thu, 22 Feb 2018 14:38:33 +0000 (14:38 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 30 May 2018 05:50:29 +0000 (07:50 +0200)
commit4d7388a1895b5b06c8f625abc782b1b9a0ffbea9
treedcf2e0deba461f0a6477f623715894df2da776fe
parentf18fb14521dd9d46b9d02bf7caf25ac100ff09f9
PKCS#7: fix direct verification of SignerInfo signature

[ Upstream commit 6459ae386699a5fe0dc52cf30255f75274fa43a4 ]

If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key.  But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen.  That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.

This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.

Fix it by setting 'sig' correctly for the direct verification case.

Fixes: 757932e6da6d ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto/asymmetric_keys/pkcs7_trust.c