From 5b52d7e4da04a5fa1e458b53f69c39f17b759833 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 1 Jul 2018 13:44:56 +0200
Subject: [PATCH] drop a 4.4 and 3.18 crypto patch
---
 queue-3.18/series | 1 -
 ...signaturevalue-field-from-bit-string.patch | 51 -------------------
 queue-4.4/series | 1 -
 ...signaturevalue-field-from-bit-string.patch | 51 -------------------
 4 files changed, 104 deletions(-)
 delete mode 100644 queue-3.18/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
 delete mode 100644 queue-4.4/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
diff --git a/queue-3.18/series b/queue-3.18/series
index 278a157e3e8..6a9a77ac8c1 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -69,4 +69,3 @@ mips-bcm47xx-enable-74k-core-externalsync-for-pcie-erratum.patch
 pci-pciehp-clear-presence-detect-and-data-link-layer-status-changed-on-resume.patch
 mips-io-add-barrier-after-register-read-in-inx.patch
 time-make-sure-jiffies_to_msecs-preserves-non-zero-time-periods.patch
-x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
diff --git a/queue-3.18/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch b/queue-3.18/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
deleted file mode 100644
index 86ef72468d5..00000000000
--- a/queue-3.18/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From b65c32ec5a942ab3ada93a048089a938918aba7f Mon Sep 17 00:00:00 2001
-From: "Maciej S. Szmigiero"
-Date: Sat, 19 May 2018 14:23:54 +0200
-Subject: X.509: unpack RSA signatureValue field from BIT STRING
-
-From: Maciej S. Szmigiero
-
-commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.
-
-The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
-For RSA signatures this BIT STRING is of so-called primitive subtype, which
-contains a u8 prefix indicating a count of unused bits in the encoding.
-
-We have to strip this prefix from signature data, just as we already do for
-key data in x509_extract_key_data() function.
-
-This wasn't noticed earlier because this prefix byte is zero for RSA key
-sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
-prefixes has no bearing on its value.
-
-The signature length, however was incorrect, which is a problem for RSA
-implementations that need it to be exactly correct (like AMD CCP).
-
-Signed-off-by: Maciej S. Szmigiero
-Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
-Cc: stable@vger.kernel.org
-Signed-off-by: James Morris
-Signed-off-by: Greg Kroah-Hartman
-
----
- crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/crypto/asymmetric_keys/x509_cert_parser.c
-+++ b/crypto/asymmetric_keys/x509_cert_parser.c
-@@ -221,6 +221,15 @@ int x509_note_signature(void *context, s
- return -EINVAL;
- }
-
-+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
-+ /* Discard the BIT STRING metadata */
-+ if (vlen < 1 || *(const u8 *)value != 0)
-+ return -EBADMSG;
-+
-+ value++;
-+ vlen--;
-+ }
-+
- ctx->cert->raw_sig = value;
- ctx->cert->raw_sig_size = vlen;
- return 0;
diff --git a/queue-4.4/series b/queue-4.4/series
index b29e03ad1d1..6510a6e844e 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -58,6 +58,5 @@ mips-bcm47xx-enable-74k-core-externalsync-for-pcie-erratum.patch
 pci-pciehp-clear-presence-detect-and-data-link-layer-status-changed-on-resume.patch
 mips-io-add-barrier-after-register-read-in-inx.patch
 time-make-sure-jiffies_to_msecs-preserves-non-zero-time-periods.patch
-x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
 btrfs-fix-clone-vs-chattr-nodatasum-race.patch
 iio-buffer-make-length-types-match-kfifo-types.patch
diff --git a/queue-4.4/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch b/queue-4.4/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
deleted file mode 100644
index 0f812ce9c2c..00000000000
--- a/queue-4.4/x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From b65c32ec5a942ab3ada93a048089a938918aba7f Mon Sep 17 00:00:00 2001
-From: "Maciej S. Szmigiero"
-Date: Sat, 19 May 2018 14:23:54 +0200
-Subject: X.509: unpack RSA signatureValue field from BIT STRING
-
-From: Maciej S. Szmigiero
-
-commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.
-
-The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
-For RSA signatures this BIT STRING is of so-called primitive subtype, which
-contains a u8 prefix indicating a count of unused bits in the encoding.
-
-We have to strip this prefix from signature data, just as we already do for
-key data in x509_extract_key_data() function.
-
-This wasn't noticed earlier because this prefix byte is zero for RSA key
-sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
-prefixes has no bearing on its value.
-
-The signature length, however was incorrect, which is a problem for RSA
-implementations that need it to be exactly correct (like AMD CCP).
-
-Signed-off-by: Maciej S. Szmigiero
-Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
-Cc: stable@vger.kernel.org
-Signed-off-by: James Morris
-Signed-off-by: Greg Kroah-Hartman
-
----
- crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/crypto/asymmetric_keys/x509_cert_parser.c
-+++ b/crypto/asymmetric_keys/x509_cert_parser.c
-@@ -239,6 +239,15 @@ int x509_note_signature(void *context, s
- return -EINVAL;
- }
-
-+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
-+ /* Discard the BIT STRING metadata */
-+ if (vlen < 1 || *(const u8 *)value != 0)
-+ return -EBADMSG;
-+
-+ value++;
-+ vlen--;
-+ }
-+
- ctx->cert->raw_sig = value;
- ctx->cert->raw_sig_size = vlen;
- return 0;
-- 2.47.3