Eric Biggers <ebigge...@gmail.com> wrote:
> The X.509 parser mishandles the case where the certificate's signature's
> hash algorithm is not available in the crypto API. In this case,
> x509_get_sig_params() doesn't allocate the cert->sig->digest buffer; this
> part seems to be intentional.
Well, yes, that would be intentional: we can't digest the digestibles without
access to a hash algorithm to do so and we can't allocate a digest buffer
without knowing how big it should be.
> Fix this by making public_key_verify_signature() return -ENOPKG if the
> hash buffer has not been allocated.
Hmmm... I'm not sure that this is the right place to do this, since it
obscures a potential invalid argument within the kernel.
I'm more inclined that the users of X.509 certs should check
x509->unsupported_sig (pkcs7_verify_sig_chain() does this already partially).