On Wed, Jun 04, 2025 at 05:56:40PM -0400, Zhuoying Cai wrote:
> From: Collin Walling <wall...@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SignatureVerificationBlock, with the CertificateStoreInfo
> fields ignored. The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the CertificateStoreInfo
> portion of the SigVerifBlock. The following values indicate failure:
>
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
>
> Signed-off-by: Collin Walling <wall...@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index 1ef1eb5299..ca7dd0f2e6 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -526,9 +526,81 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1,
> uint64_t r3, uintptr_t ra)
> env->regs[r1 + 1] = rc;
> }
>
> +static int handle_diag508_sig_verif(uint64_t addr, size_t csi_size, size_t
> svb_size,
> + S390IPLCertificateStore *qcs)
> +{
> + int rc;
> + int verified;
> + Error *err;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + g_autofree uint8_t *svb_comp;
> + g_autofree uint8_t *svb_sig;
> + g_autofree Diag508SignatureVerificationBlock *svb;
All g_auto* variables must be initialized to NULL at time
of declaration. As written this results in freeing of
unitialized data if a 'return' is hit before these are
initialized.
> +
> + if (!qcs || !qcs->count) {
> + return DIAG_508_RC_NO_CERTS;
> + }
> +
> + svb = g_new0(Diag508SignatureVerificationBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + return DIAG_508_RC_INVAL_COMP_DATA;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + return DIAG_508_RC_INVAL_PKCS7_SIG;
> + }
> +
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + */
> + for (int i = 0; i < qcs->count; i++) {
> + err = NULL;
> + verified = qcrypto_verify_x509_cert((uint8_t *)qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len, &err);
> +
> + /* return early if GNUTLS is not enabled */
> + if (verified == -ENOTSUP) {
> + break;
> + }
All errors must be honoured not merely missing gnutls, and this code
leaks 'err' too
> +
> + if (verified == 0) {
> + svb->csi.idx = i;
> + svb->csi.len = cpu_to_be64(qcs->certs[i].size);
> + cpu_physical_memory_write(addr, &svb->csi,
> be32_to_cpu(csi_size));
> + rc = DIAG_508_RC_OK;
> + break;
> + }
> + }
> +
> + return rc;
> +}
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
