From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752059AbdFUMtN (ORCPT ); Wed, 21 Jun 2017 08:49:13 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47794 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751736AbdFUMtL (ORCPT ); Wed, 21 Jun 2017 08:49:11 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 21B9280B22 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=dhowells@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 21B9280B22 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <1495897525.3458.7.camel@HansenPartnership.com> <26151.1497974983@warthog.procyon.org.uk> To: Ard Biesheuvel Cc: dhowells@redhat.com, James Bottomley , keyrings@vger.kernel.org, linux-security-module , "linux-efi@vger.kernel.org" , linux-kernel Subject: Re: Problem with new X.509 is_hash_blacklisted() interface MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <8098.1498049349.1@warthog.procyon.org.uk> Date: Wed, 21 Jun 2017 13:49:09 +0100 Message-ID: <8099.1498049349@warthog.procyon.org.uk> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 21 Jun 2017 12:49:11 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Ard Biesheuvel wrote: > > This can be told to skip a particular algorithm for when the caller > > has one precalculated. The precalculated hash can be passed to > > is_hash_blacklisted(). This would typically be the case for a signed > > X.509 message. > > This last part seems a premature optimization to me. Is there a > performance concern preventing us from using (4) only? Crypto stuff is relatively slow - and in the case of X.509 and PKCS#7 the caller will already have calculated a hash. The most likely situation currently, I think, is that we will only have sha256 hashes in the blacklist, and whatever we're checking will have a sha256 hash also. Possibly, I could just pass the precalculated hash into is_data_blacklisted() and so avoid having to call is_hash_blacklisted() from outside. > In any case, the approach and the code look sound to me, although I > think adding a hash of a type that we don't know how to calculate > deserves a warning at least. There are two issues with that: (1) We don't know what hashes are available without checking to see what modules are available. However, to do this would involve loading the hash algorithm module - but we might not be in a position to do this yet (the blacklist is loaded before we start userspace). (2) A module implementing a hash algorithm might be blacklisted by the hash that we've been given to add to the blacklist. I think this is a more general problem - and might require us to restrict blacklisting to hash algorithms that are built in. David