Re: [PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check

[PATCH v3 00/10] Enable root to update the blacklist keyring · Mickaël Salaün <mic@digikod.net> · 2021-01-14
[PATCH v3 04/10] certs: Fix blacklist flag type confusion · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 04/10] certs: Fix blacklist flag type confusion · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 04/10] certs: Fix blacklist flag type confusion · Mickaël Salaün <mic@digikod.net> · 2021-01-20
Re: [PATCH v3 04/10] certs: Fix blacklist flag type confusion · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-21
[PATCH v3 07/10] certs: Factor out the blacklist hash creation · Mickaël Salaün <mic@digikod.net> · 2021-01-14
[PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Mickaël Salaün <mic@digikod.net> · 2021-01-20
Re: [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-21
Re: [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Mickaël Salaün <mic@digikod.net> · 2021-01-21
Re: [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-21
[PATCH v3 06/10] certs: Make blacklist_vet_description() more strict · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 06/10] certs: Make blacklist_vet_description() more strict · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 06/10] certs: Make blacklist_vet_description() more strict · Mickaël Salaün <mic@digikod.net> · 2021-01-20
[PATCH v3 01/10] certs/blacklist: fix kernel doc interface issue · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 01/10] certs/blacklist: fix kernel doc interface issue · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
[PATCH v3 03/10] PKCS#7: Fix missing include · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 03/10] PKCS#7: Fix missing include · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
[PATCH v3 05/10] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 05/10] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 05/10] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID · Mickaël Salaün <mic@digikod.net> · 2021-01-20
Re: [PATCH v3 05/10] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-21
[PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring · Mimi Zohar <zohar@linux.ibm.com> · 2021-01-15
Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring · Mickaël Salaün <mic@digikod.net> · 2021-01-20
[PATCH v3 10/10] tools/certs: Add print-cert-tbs-hash.sh · Mickaël Salaün <mic@digikod.net> · 2021-01-14
[PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check · Mickaël Salaün <mic@digikod.net> · 2021-01-14
Re: [PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-20
Re: [PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check · Mickaël Salaün <mic@digikod.net> · 2021-01-20
Re: [PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-21
Re: [PATCH v3 00/10] Enable root to update the blacklist keyring · Jarkko Sakkinen <jarkko@kernel.org> · 2021-01-15

From: Jarkko Sakkinen <jarkko@kernel.org>
Date: 2021-01-21 06:39:48
Also in: keyrings, linux-crypto, linux-integrity, linux-security-module

On Wed, Jan 20, 2021 at 12:12:50PM +0100, Mickaël Salaün wrote:

On 20/01/2021 04:43, Jarkko Sakkinen wrote:

quoted

On Thu, Jan 14, 2021 at 04:19:01PM +0100, Mickaël Salaün wrote:

quoted

From: Mickaël Salaün <redacted>

When looking for a blacklisted hash, bin2hex() is used to transform a
binary hash to an ascii (lowercase) hexadecimal string.  This string is
then search for in the description of the keys from the blacklist
keyring.  When adding a key to the blacklist keyring,
blacklist_vet_description() checks the hash prefix and the hexadecimal
string, but not that this string is lowercase.  It is then valid to set
hashes with uppercase hexadecimal, which will be silently ignored by the
kernel.

Add an additional check to blacklist_vet_description() to check that
hexadecimal strings are in lowercase.

Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Mickaël Salaün <redacted>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ben Boeckel <redacted>
---

Changes since v2:
* Cherry-pick v1 patch from
  https://lore.kernel.org/lkml/2659836.1607940186@warthog.procyon.org.uk/ (local)
  to rebase on v5.11-rc3.
* Rearrange Cc order.
---
 certs/blacklist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 2719fb2fbc1c..a888b934a1cd 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c

@@ -37,7 +37,7 @@ static int blacklist_vet_description(const char *desc)
 found_colon:
 	desc++;
 	for (; *desc; desc++) {
-		if (!isxdigit(*desc))
+		if (!isxdigit(*desc) || isupper(*desc))
 			return -EINVAL;
 		n++;
 	}

-- 
2.30.0

Shouldn't this rather convert the upper case to lower case? I don't like
the ABI break that this causes.

It doesn't break the ABI because keys loaded in the blacklist keyring
can only happen with builtin hashes.  Moreover these builtin hashes will
be checked by patch 10/10 at build time.

Right the patches are just out of order then.

/Jarkko

This patch is also important to remove a false sense of security and
warns about mis-blacklisted certificates or binaries:
https://lore.kernel.org/lkml/c9664a67-61b7-6b4a-86d7-5aca9ff06fa5@digikod.net/ (local)

Hot-patching keys doesn't seem a good idea, especially when these keys
are signed. Moreover, it would bring additional complexity and will
require to change the core of the key management.

quoted

/Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help