All of lore.kernel.org
 help / color / mirror / Atom feed
* Patch "security/keys: make BIG_KEYS dependent on stdrng." has been added to the 4.8-stable tree
@ 2016-11-07 16:24 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-11-07 16:24 UTC (permalink / raw)
  To: asavkov, dhowells, gregkh, james.l.morris, k.marinushkin, smueller
  Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    security/keys: make BIG_KEYS dependent on stdrng.

to the 4.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     security-keys-make-big_keys-dependent-on-stdrng.patch
and it can be found in the queue-4.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 Mon Sep 17 00:00:00 2001
From: Artem Savkov <asavkov@redhat.com>
Date: Wed, 26 Oct 2016 15:02:09 +0100
Subject: security/keys: make BIG_KEYS dependent on stdrng.

From: Artem Savkov <asavkov@redhat.com>

commit 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 upstream.

Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"
providers to be compiled into kernel. Otherwise big_key_crypto_init() fails
on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in
big_key_preparse()) results in a NULL pointer dereference.

Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys stored encrypted')
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Kirill Marinushkin <k.marinushkin@gmail.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/keys/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -41,7 +41,7 @@ config BIG_KEYS
 	bool "Large payload keys"
 	depends on KEYS
 	depends on TMPFS
-	select CRYPTO
+	depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
 	select CRYPTO_AES
 	select CRYPTO_ECB
 	select CRYPTO_RNG


Patches currently in stable-queue which might be from asavkov@redhat.com are

queue-4.8/security-keys-make-big_keys-dependent-on-stdrng.patch
queue-4.8/keys-sort-out-big_key-initialisation.patch

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2016-11-07 16:26 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-11-07 16:24 Patch "security/keys: make BIG_KEYS dependent on stdrng." has been added to the 4.8-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.