[PATCH 0/3] KEYS: Fixes

[PATCH 0/3] KEYS: Fixes

[David Howells]

Hi James,

Can you pull these patches into your next tree please?  They include the
following:

 (1) Fix sign-file for use with libressl.

 (2) Fix error production in request_master_key().

 (3) Explicitly zero-out secret data before freeing it in case gcc
     optimises memset() away in future.

I don't think there's anything urgent enough here to warrant handing
directly to Linus.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

Tagged thusly:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	keys-fixes-20170209

David
---
Dan Carpenter (2):
      KEYS: Fix an error code in request_master_key()
      KEYS: Use memzero_explicit() for secret data

Felix Fietkau (1):
      sign-file: fix build error in sign-file.c with libressl


 scripts/sign-file.c                      |    4 +++-
 security/keys/encrypted-keys/encrypted.c |    4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

[PATCH 1/3] sign-file: fix build error in sign-file.c with libressl

[David Howells]

From: Felix Fietkau <nbd@nbd.name>

The sign-file tool failed to build against libressl. Fix this by extending
the PKCS7 check and thus making sign-file link against libressl without an
error.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 scripts/sign-file.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 19ec468b1168..fbd34b8e8f57 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -41,7 +41,9 @@
  * signing with anything other than SHA1 - so we're stuck with that if such is
  * the case.
  */
-#if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(OPENSSL_NO_CMS)
+#if defined(LIBRESSL_VERSION_NUMBER) || \
+	OPENSSL_VERSION_NUMBER < 0x10000000L || \
+	defined(OPENSSL_NO_CMS)
 #define USE_PKCS7
 #endif
 #ifndef USE_PKCS7

[PATCH 2/3] KEYS: Fix an error code in request_master_key()

[David Howells]

From: Dan Carpenter <dan.carpenter@oracle.com>

This function has two callers and neither are able to handle a NULL
return.  Really, -EINVAL is the correct thing return here anyway.  This
fixes some static checker warnings like:

	security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt()
	error: uninitialized symbol 'master_key'.

Fixes: 7e70cb497850 ("keys: add new key-type encrypted")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---

 security/keys/encrypted-keys/encrypted.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 17a06105ccb6..d7a4969b2dd3 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -437,7 +437,7 @@ static struct skcipher_request *init_skcipher_req(const u8 *key,
 static struct key *request_master_key(struct encrypted_key_payload *epayload,
 				      const u8 **master_key, size_t *master_keylen)
 {
-	struct key *mkey = NULL;
+	struct key *mkey = ERR_PTR(-EINVAL);
 
 	if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX,
 		     KEY_TRUSTED_PREFIX_LEN)) {

[PATCH 3/3] KEYS: Use memzero_explicit() for secret data

[David Howells]

From: Dan Carpenter <dan.carpenter@oracle.com>

I don't think GCC has figured out how to optimize the memset() away, but
they might eventually so let's future proof this code a bit.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---

 security/keys/encrypted-keys/encrypted.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index d7a4969b2dd3..4fb315cddf5b 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -985,7 +985,7 @@ static void encrypted_destroy(struct key *key)
 	if (!epayload)
 		return;
 
-	memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
+	memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
 	kfree(key->payload.data[0]);
 }
 

Re: [PATCH 0/3] KEYS: Fixes

[James Morris]

On Thu, 9 Feb 2017, David Howells wrote:

> 
> Hi James,
> 
> Can you pull these patches into your next tree please?  They include the
> following:
> 
>  (1) Fix sign-file for use with libressl.
> 
>  (2) Fix error production in request_master_key().
> 
>  (3) Explicitly zero-out secret data before freeing it in case gcc
>      optimises memset() away in future.
> 
> I don't think there's anything urgent enough here to warrant handing
> directly to Linus.
> 
> The patches can be found here also:
> 
> 	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> Tagged thusly:
> 
> 	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> 	keys-fixes-20170209

I'm getting this:

$ git pull 
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
fatal: Couldn't find remote ref keys-fixes-20170209


-- 
James Morris
<jmorris@namei.org>

Re: [PATCH 0/3] KEYS: Fixes

[David Howells]

James Morris <jmorris@namei.org> wrote:

> > Tagged thusly:
> > 
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> > 	keys-fixes-20170209
> 
> I'm getting this:
> 
> $ git pull 
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
> fatal: Couldn't find remote ref keys-fixes-20170209

Ummm...  I can see it in the web interface for the branch:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

and the tag itself:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/tag/?h=keys-fixes-20170209

It works for me:

	warthog>git pull git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
	remote: Counting objects: 17, done.
	remote: Compressing objects: 100% (11/11), done.
	remote: Total 17 (delta 13), reused 10 (delta 6)
	Unpacking objects: 100% (17/17), done.
	From git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
	 * tag               keys-fixes-20170209 -> FETCH_HEAD
	Merge made by the 'recursive' strategy.
	 scripts/sign-file.c                      | 4 +++-
	 security/keys/encrypted-keys/encrypted.c | 4 ++--
	 2 files changed, 5 insertions(+), 3 deletions(-)

David

Re: [PATCH 0/3] KEYS: Fixes

[James Morris]

On Thu, 9 Feb 2017, David Howells wrote:

> James Morris <jmorris@namei.org> wrote:
> 
> > > Tagged thusly:
> > > 
> > > 	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> > > 	keys-fixes-20170209
> > 
> > I'm getting this:
> > 
> > $ git pull 
> > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
> > fatal: Couldn't find remote ref keys-fixes-20170209
> 
> Ummm...  I can see it in the web interface for the branch:
> 
> 	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> and the tag itself:
> 
> 	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/tag/?h=keys-fixes-20170209

It works for me on a different vm with a newer version of git, which may 
be the issue (I'm using 1.7.1).


-- 
James Morris
<jmorris@namei.org>

Re: [PATCH 0/3] KEYS: Fixes

[James Morris]

On Thu, 9 Feb 2017, David Howells wrote:

> 
> Hi James,
> 
> Can you pull these patches into your next tree please?  They include the
> following:
> 
>  (1) Fix sign-file for use with libressl.
> 
>  (2) Fix error production in request_master_key().
> 
>  (3) Explicitly zero-out secret data before freeing it in case gcc
>      optimises memset() away in future.
> 

Applied.


-- 
James Morris
<jmorris@namei.org>

Re: [PATCH 0/3] KEYS: Fixes

[David Howells]

James Morris <jmorris@namei.org> wrote:

> It works for me on a different vm with a newer version of git, which may 
> be the issue (I'm using 1.7.1).

I'm using git-2.7.4

David

[PATCH 0/3] KEYS: Fixes

[David Howells]

Hi James,

Can you pass these patches onto Linus, please?

 (1) Disallow keyrings whose name begins with a '.' to be joined
     [CVE-2016-9604].

 (2) Change the name of the dead type to ".dead" to prevent user access
     [CVE-2017-6951].

 (3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
     [CVE-2017-7472].

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

Tagged thusly:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	keys-fixes-20170419

David
---
David Howells (2):
      KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
      KEYS: Change the name of the dead type to ".dead" to prevent user access

Eric Biggers (1):
      KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings


 security/keys/gc.c           |    2 +-
 security/keys/keyctl.c       |   20 +++++++++++--------
 security/keys/process_keys.c |   44 ++++++++++++++++++++++++++----------------
 3 files changed, 39 insertions(+), 27 deletions(-)

Re: [PATCH 0/3] KEYS: Fixes

[David Howells]

Let me try this again, this time with the correct email addresses...

David

[PATCH 0/3] KEYS: Fixes

[David Howells]

Hi James,

Can you pass these patches onto Linus, please?

 (1) Disallow keyrings whose name begins with a '.' to be joined
     [CVE-2016-9604].

 (2) Change the name of the dead type to ".dead" to prevent user access
     [CVE-2017-6951].

 (3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
     [CVE-2017-7472].

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

Tagged thusly:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	keys-fixes-20170419

David
---
David Howells (2):
      KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
      KEYS: Change the name of the dead type to ".dead" to prevent user access

Eric Biggers (1):
      KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings


 security/keys/gc.c           |    2 +-
 security/keys/keyctl.c       |   20 +++++++++++--------
 security/keys/process_keys.c |   44 ++++++++++++++++++++++++++----------------
 3 files changed, 39 insertions(+), 27 deletions(-)

[PATCH 0/3] KEYS: Fixes

[David Howells]

Hi James,

Can you pull these patches please and pass them on to Linus?  They include
the following:

 (1) Fix a buffer overflow when displaying /proc/keys [CVE-2016-7042].

 (2) Fix broken initialisation in the big_key implementation that can
     result in an oops.

 (3) Make big_key depend on having a random number generator available in
     Kconfig.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

Tagged thusly:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	keys-fixes-20161026

David
---
Artem Savkov (1):
      security/keys: make BIG_KEYS dependent on stdrng.

David Howells (2):
      KEYS: Fix short sprintf buffer in /proc/keys show function
      KEYS: Sort out big_key initialisation


 security/keys/Kconfig   |    2 +-
 security/keys/big_key.c |   59 +++++++++++++++++++++++++----------------------
 security/keys/proc.c    |    2 +-
 3 files changed, 34 insertions(+), 29 deletions(-)