X.509: fix comparisons of ->pkey_algo

->pkey_algo used to be an enum, but was changed to a string by commit 4e8ae72a75aa ("X.509: Make algo identifiers text instead of enum"). But two comparisons were not updated. Fix them to use strcmp(). This bug broke signature verification in certain configurations, depending on whether the string constants were deduplicated or not. Fixes: 4e8ae72a75aa ("X.509: Make algo identifiers text instead of enum") Cc: <stable@vger.kernel.org> # v4.6+ Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>
author: Eric Biggers <ebiggers@google.com> 2017-12-08 10:13:29 -0500
committer: David Howells <dhowells@redhat.com> 2017-12-08 10:13:29 -0500
commit: 54c1fb39fe0495f846539ab765925b008f86801c (patch)
tree: a51540c72011481c6eda43a13b06c02ea2f72845
parent: 18026d866801d0c52e5550210563222bd6c7191d (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 255e84abdc69..39e6de0c2761 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -147,7 +147,7 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7,
                pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
                         sinfo->index, certix);
-                if (x509->pub->pkey_algo != sinfo->sig->pkey_algo) {
+                if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
                        pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
                                sinfo->index);
                        continue;
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index e67fd29fbd11..9338b4558cdc 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -131,7 +131,7 @@ int x509_check_for_self_signed(struct x509_certificate *cert)
        }
        ret = -EKEYREJECTED;
-        if (cert->pub->pkey_algo != cert->sig->pkey_algo)
+        if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
                goto out;
        ret = public_key_verify_signature(cert->pub, cert->sig);
author	Eric Biggers <ebiggers@google.com>	2017-12-08 10:13:29 -0500
committer	David Howells <dhowells@redhat.com>	2017-12-08 10:13:29 -0500
commit	54c1fb39fe0495f846539ab765925b008f86801c (patch)
tree	a51540c72011481c6eda43a13b06c02ea2f72845
parent	18026d866801d0c52e5550210563222bd6c7191d (diff)

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index 255e84abdc69..39e6de0c2761 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -147,7 +147,7 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7,
147	pr_devel("Sig %u: Found cert serial match X.509[%u]\n",	147	pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
148	sinfo->index, certix);	148	sinfo->index, certix);
149		149
150	if (x509->pub->pkey_algo != sinfo->sig->pkey_algo) {	150	if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
151	pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",	151	pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
152	sinfo->index);	152	sinfo->index);
153	continue;	153	continue;


diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index e67fd29fbd11..9338b4558cdc 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -131,7 +131,7 @@ int x509_check_for_self_signed(struct x509_certificate *cert)
131	}	131	}
132		132
133	ret = -EKEYREJECTED;	133	ret = -EKEYREJECTED;
134	if (cert->pub->pkey_algo != cert->sig->pkey_algo)	134	if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
135	goto out;	135	goto out;
136		136
137	ret = public_key_verify_signature(cert->pub, cert->sig);	137	ret = public_key_verify_signature(cert->pub, cert->sig);