From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v5 01/11] ima-evm-utils: Make sure sig buffer is always MAX_SIGNATURE_SIZE
Date: Sun, 23 Jun 2019 11:36:19 +0300 [thread overview]
Message-ID: <20190623083619.xsavyj2ghp4mttl6@altlinux.org> (raw)
In-Reply-To: <1561122236.4057.107.camel@linux.ibm.com>
Mimi,
On Fri, Jun 21, 2019 at 09:03:56AM -0400, Mimi Zohar wrote:
> On Fri, 2019-06-21 at 15:28 +0300, Vitaly Chikunov wrote:
> > On Fri, Jun 21, 2019 at 07:27:30AM -0400, Mimi Zohar wrote:
> > > On Fri, 2019-06-21 at 14:22 +0300, Vitaly Chikunov wrote:
> > > > On Fri, Jun 21, 2019 at 07:08:12AM -0400, Mimi Zohar wrote:
> > > > > On Fri, 2019-06-21 at 09:59 +0300, Vitaly Chikunov wrote:
> > > > > > On Thu, Jun 20, 2019 at 05:42:18PM -0400, Mimi Zohar wrote:
> > > > > > > On Tue, 2019-06-18 at 16:56 +0300, Vitaly Chikunov wrote:
> > > > > > > > Fix off-by-one error of the output buffer passed to sign_hash().
> > > > > > > >
> > > > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > > > > > > ---
> > > > > > > > src/evmctl.c | 4 ++--
> > > > > > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > > > > > >
> > > > > > > > diff --git a/src/evmctl.c b/src/evmctl.c
> > > > > > > > index 15a7226..03f41fe 100644
> > > > > > > > --- a/src/evmctl.c
> > > > > > > > +++ b/src/evmctl.c
> > > > > > > > @@ -510,7 +510,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> > > > > > > > static int sign_evm(const char *file, const char *key)
> > > > > > > > {
> > > > > > > > unsigned char hash[MAX_DIGEST_SIZE];
> > > > > > > > - unsigned char sig[MAX_SIGNATURE_SIZE];
> > > > > > > > + unsigned char sig[MAX_SIGNATURE_SIZE + 1];
> > > > > > > > int len, err;
> > > > > > > >
> > > > > > > > len = calc_evm_hash(file, hash);
> > > > > > > > @@ -519,7 +519,7 @@ static int sign_evm(const char *file, const char *key)
> > > > > > > > return len;
> > > > > > > >
> > > > > > > > len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
> > > > > > > > - assert(len < sizeof(sig));
> > > > > > > > + assert(len <= MAX_SIGNATURE_SIZE);
> > > > > > > > if (len <= 1)
> > > > > > > > return len;
> > > > > > > >
> > > > > > >
> > > > > > > A similar problem occurs in sign_ima. Without these changes
> > > > > > > sign_hash() succeeds, returning a length of 520 for
> > > > > > > sha256/streebog256.
> > > > > >
> > > > > > I will add it. Also, I found more similar errors and will fix them together.
> > > > >
> > > > > The first byte of sig is reserved for the type of signature. The
> > > > > remaining buffer is for the signature itself. The existing
> > > > > "assert(len < sizeof(sig))" is therefore correct. The sig size being
> > > > > returned is less than 1023, so why is this change needed?
> > > >
> > > > Well, it looked more straightforward to check explicit
> > > > MAX_SIGNATURE_SIZE instead of relying on that '<' accounts for
> > > > that additional byte.
> > > >
> > > > Main fix is of course this:
> > > >
> > > > > > > > - unsigned char sig[MAX_SIGNATURE_SIZE];
> > > > > > > > + unsigned char sig[MAX_SIGNATURE_SIZE + 1];
> > >
> > > That is the question. Why does the buffer need to be
> > > "MAX_SIGNATURE_SIZE + 1", making it 1025 bytes? MAX_SIGNATURE_SIZE -
> > > 1 is large enough for the signature.
> >
> > Because maximum signature size is supposed to be MAX_SIGNATURE_SIZE,
> > isn't it? Why in reality it should be some other value?
>
> No, I think it was chosen as an upper bound, simply used for buffer
> bounds checking. I wouldn't make sig 1025. If you want to make
> MAX_SIGNATuRE_SIZE 1023 and keep the + 1, that would be fine.
I will rework these 'fixes' with my new understanding.
> > That give me idea to add check if a generated signature will fit into
> > `sig` (assuming it's of MAX_SIGNATURE_SIZE) in sign_hash_v2() before we
> > call EVP_PKEY_sign().
>
> Yes, a call to EVP_PKEY_sign(), without providing the "sig", will
> return the length. evmctl can be called recursively (-r). I would
> hope that EVP_PKEY_sign() would check the buffer size before
> calculating the sig. If it does, then checking is duplication. I'm a
> bit concerned about the performance impact of checking the sig size
> each time.
You are right, EVP_PKEY_sign() is already checking the buffer size. So,
proposed check would be redundant.
Thanks,
next prev parent reply other threads:[~2019-06-23 8:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-18 13:56 [PATCH v5 00/11] ima-evm-utils: Convert sign v2 from RSA to EVP_PKEY API Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 01/11] ima-evm-utils: Make sure sig buffer is always MAX_SIGNATURE_SIZE Vitaly Chikunov
2019-06-20 21:42 ` Mimi Zohar
2019-06-21 6:59 ` Vitaly Chikunov
2019-06-21 11:08 ` Mimi Zohar
2019-06-21 11:22 ` Vitaly Chikunov
2019-06-21 11:27 ` Mimi Zohar
2019-06-21 12:28 ` Vitaly Chikunov
2019-06-21 13:03 ` Mimi Zohar
2019-06-23 8:36 ` Vitaly Chikunov [this message]
2019-06-18 13:56 ` [PATCH v5 02/11] ima-evm-utils: Change read_pub_key to use EVP_PKEY API Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 03/11] ima-evm-utils: Change read_priv_key " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 04/11] ima-evm-utils: Start converting calc keyid v2 to " Vitaly Chikunov
2019-06-19 11:56 ` Mimi Zohar
2019-06-18 13:56 ` [PATCH v5 05/11] ima-evm-utils: Convert cmd_import to use " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 06/11] ima-evm-utils: Start converting find_keyid " Vitaly Chikunov
2019-06-19 12:26 ` Mimi Zohar
2019-06-19 15:43 ` Vitaly Chikunov
2019-06-19 16:46 ` Mimi Zohar
2019-06-20 1:07 ` Vitaly Chikunov
2019-06-20 13:21 ` Mimi Zohar
2019-06-20 13:40 ` Mimi Zohar
2019-06-20 14:23 ` Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 07/11] ima-evm-utils: Convert verify_hash_v2 to " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 08/11] ima-evm-utils: Finish conversion of find_keyid " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 09/11] ima-evm-utils: Convert sign_hash_v2 to use " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 10/11] ima-evm-utils: Finish converting calc keyid v2 to " Vitaly Chikunov
2019-06-18 13:56 ` [PATCH v5 11/11] ima-evm-utils: Remove RSA_ASN1_templates Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190623083619.xsavyj2ghp4mttl6@altlinux.org \
--to=vt@altlinux.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.