* [PATCH 0/3] KEYS: Fixes
@ 2017-02-09 17:17 David Howells
2017-02-09 17:17 ` [PATCH 1/3] sign-file: fix build error in sign-file.c with libressl David Howells
` (5 more replies)
0 siblings, 6 replies; 13+ messages in thread
From: David Howells @ 2017-02-09 17:17 UTC (permalink / raw)
To: jmorris; +Cc: dhowells, linux-security-module, keyrings, linux-kernel
Hi James,
Can you pull these patches into your next tree please? They include the
following:
(1) Fix sign-file for use with libressl.
(2) Fix error production in request_master_key().
(3) Explicitly zero-out secret data before freeing it in case gcc
optimises memset() away in future.
I don't think there's anything urgent enough here to warrant handing
directly to Linus.
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
Tagged thusly:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
keys-fixes-20170209
David
---
Dan Carpenter (2):
KEYS: Fix an error code in request_master_key()
KEYS: Use memzero_explicit() for secret data
Felix Fietkau (1):
sign-file: fix build error in sign-file.c with libressl
scripts/sign-file.c | 4 +++-
security/keys/encrypted-keys/encrypted.c | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/3] sign-file: fix build error in sign-file.c with libressl
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
@ 2017-02-09 17:17 ` David Howells
2017-02-09 17:17 ` [PATCH 2/3] KEYS: Fix an error code in request_master_key() David Howells
` (4 subsequent siblings)
5 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2017-02-09 17:17 UTC (permalink / raw)
To: jmorris
Cc: linux-kernel, dhowells, linux-security-module, keyrings,
John Crispin, Felix Fietkau
From: Felix Fietkau <nbd@nbd.name>
The sign-file tool failed to build against libressl. Fix this by extending
the PKCS7 check and thus making sign-file link against libressl without an
error.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: David Howells <dhowells@redhat.com>
---
scripts/sign-file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 19ec468b1168..fbd34b8e8f57 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -41,7 +41,9 @@
* signing with anything other than SHA1 - so we're stuck with that if such is
* the case.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(OPENSSL_NO_CMS)
+#if defined(LIBRESSL_VERSION_NUMBER) || \
+ OPENSSL_VERSION_NUMBER < 0x10000000L || \
+ defined(OPENSSL_NO_CMS)
#define USE_PKCS7
#endif
#ifndef USE_PKCS7
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/3] KEYS: Fix an error code in request_master_key()
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
2017-02-09 17:17 ` [PATCH 1/3] sign-file: fix build error in sign-file.c with libressl David Howells
@ 2017-02-09 17:17 ` David Howells
2017-02-09 17:18 ` [PATCH 3/3] KEYS: Use memzero_explicit() for secret data David Howells
` (3 subsequent siblings)
5 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2017-02-09 17:17 UTC (permalink / raw)
To: jmorris
Cc: linux-kernel, dhowells, linux-security-module, keyrings,
Mimi Zohar, Dan Carpenter
From: Dan Carpenter <dan.carpenter@oracle.com>
This function has two callers and neither are able to handle a NULL
return. Really, -EINVAL is the correct thing return here anyway. This
fixes some static checker warnings like:
security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt()
error: uninitialized symbol 'master_key'.
Fixes: 7e70cb497850 ("keys: add new key-type encrypted")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
security/keys/encrypted-keys/encrypted.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 17a06105ccb6..d7a4969b2dd3 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -437,7 +437,7 @@ static struct skcipher_request *init_skcipher_req(const u8 *key,
static struct key *request_master_key(struct encrypted_key_payload *epayload,
const u8 **master_key, size_t *master_keylen)
{
- struct key *mkey = NULL;
+ struct key *mkey = ERR_PTR(-EINVAL);
if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX,
KEY_TRUSTED_PREFIX_LEN)) {
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 3/3] KEYS: Use memzero_explicit() for secret data
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
2017-02-09 17:17 ` [PATCH 1/3] sign-file: fix build error in sign-file.c with libressl David Howells
2017-02-09 17:17 ` [PATCH 2/3] KEYS: Fix an error code in request_master_key() David Howells
@ 2017-02-09 17:18 ` David Howells
2017-02-09 23:07 ` [PATCH 0/3] KEYS: Fixes James Morris
` (2 subsequent siblings)
5 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2017-02-09 17:18 UTC (permalink / raw)
To: jmorris
Cc: linux-kernel, dhowells, linux-security-module, keyrings,
Mimi Zohar, Dan Carpenter
From: Dan Carpenter <dan.carpenter@oracle.com>
I don't think GCC has figured out how to optimize the memset() away, but
they might eventually so let's future proof this code a bit.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
security/keys/encrypted-keys/encrypted.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index d7a4969b2dd3..4fb315cddf5b 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -985,7 +985,7 @@ static void encrypted_destroy(struct key *key)
if (!epayload)
return;
- memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
+ memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
kfree(key->payload.data[0]);
}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
` (2 preceding siblings ...)
2017-02-09 17:18 ` [PATCH 3/3] KEYS: Use memzero_explicit() for secret data David Howells
@ 2017-02-09 23:07 ` James Morris
2017-02-09 23:55 ` David Howells
2017-02-10 1:07 ` James Morris
5 siblings, 0 replies; 13+ messages in thread
From: James Morris @ 2017-02-09 23:07 UTC (permalink / raw)
To: David Howells; +Cc: linux-security-module, keyrings, linux-kernel
On Thu, 9 Feb 2017, David Howells wrote:
>
> Hi James,
>
> Can you pull these patches into your next tree please? They include the
> following:
>
> (1) Fix sign-file for use with libressl.
>
> (2) Fix error production in request_master_key().
>
> (3) Explicitly zero-out secret data before freeing it in case gcc
> optimises memset() away in future.
>
> I don't think there's anything urgent enough here to warrant handing
> directly to Linus.
>
> The patches can be found here also:
>
> http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
>
> Tagged thusly:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> keys-fixes-20170209
I'm getting this:
$ git pull
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
fatal: Couldn't find remote ref keys-fixes-20170209
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
` (3 preceding siblings ...)
2017-02-09 23:07 ` [PATCH 0/3] KEYS: Fixes James Morris
@ 2017-02-09 23:55 ` David Howells
2017-02-10 1:05 ` James Morris
2017-02-10 8:45 ` David Howells
2017-02-10 1:07 ` James Morris
5 siblings, 2 replies; 13+ messages in thread
From: David Howells @ 2017-02-09 23:55 UTC (permalink / raw)
To: James Morris; +Cc: dhowells, linux-security-module, keyrings, linux-kernel
James Morris <jmorris@namei.org> wrote:
> > Tagged thusly:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> > keys-fixes-20170209
>
> I'm getting this:
>
> $ git pull
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
> fatal: Couldn't find remote ref keys-fixes-20170209
Ummm... I can see it in the web interface for the branch:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
and the tag itself:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/tag/?h=keys-fixes-20170209
It works for me:
warthog>git pull git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
remote: Counting objects: 17, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 17 (delta 13), reused 10 (delta 6)
Unpacking objects: 100% (17/17), done.
From git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
* tag keys-fixes-20170209 -> FETCH_HEAD
Merge made by the 'recursive' strategy.
scripts/sign-file.c | 4 +++-
security/keys/encrypted-keys/encrypted.c | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
David
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-02-09 23:55 ` David Howells
@ 2017-02-10 1:05 ` James Morris
2017-02-10 8:45 ` David Howells
1 sibling, 0 replies; 13+ messages in thread
From: James Morris @ 2017-02-10 1:05 UTC (permalink / raw)
To: David Howells; +Cc: linux-security-module, keyrings, linux-kernel
On Thu, 9 Feb 2017, David Howells wrote:
> James Morris <jmorris@namei.org> wrote:
>
> > > Tagged thusly:
> > >
> > > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> > > keys-fixes-20170209
> >
> > I'm getting this:
> >
> > $ git pull
> > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20170209
> > fatal: Couldn't find remote ref keys-fixes-20170209
>
> Ummm... I can see it in the web interface for the branch:
>
> http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
>
> and the tag itself:
>
> http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/tag/?h=keys-fixes-20170209
It works for me on a different vm with a newer version of git, which may
be the issue (I'm using 1.7.1).
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
` (4 preceding siblings ...)
2017-02-09 23:55 ` David Howells
@ 2017-02-10 1:07 ` James Morris
5 siblings, 0 replies; 13+ messages in thread
From: James Morris @ 2017-02-10 1:07 UTC (permalink / raw)
To: David Howells; +Cc: linux-security-module, keyrings, linux-kernel
On Thu, 9 Feb 2017, David Howells wrote:
>
> Hi James,
>
> Can you pull these patches into your next tree please? They include the
> following:
>
> (1) Fix sign-file for use with libressl.
>
> (2) Fix error production in request_master_key().
>
> (3) Explicitly zero-out secret data before freeing it in case gcc
> optimises memset() away in future.
>
Applied.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-02-09 23:55 ` David Howells
2017-02-10 1:05 ` James Morris
@ 2017-02-10 8:45 ` David Howells
1 sibling, 0 replies; 13+ messages in thread
From: David Howells @ 2017-02-10 8:45 UTC (permalink / raw)
To: James Morris; +Cc: dhowells, linux-security-module, keyrings, linux-kernel
James Morris <jmorris@namei.org> wrote:
> It works for me on a different vm with a newer version of git, which may
> be the issue (I'm using 1.7.1).
I'm using git-2.7.4
David
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 0/3] KEYS: Fixes
@ 2017-04-19 16:11 David Howells
0 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2017-04-19 16:11 UTC (permalink / raw)
To: jmorris
Cc: dhowells, keyrings, torvalds, linux-kernel, linux-security-modules
Hi James,
Can you pass these patches onto Linus, please?
(1) Disallow keyrings whose name begins with a '.' to be joined
[CVE-2016-9604].
(2) Change the name of the dead type to ".dead" to prevent user access
[CVE-2017-6951].
(3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
[CVE-2017-7472].
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
Tagged thusly:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
keys-fixes-20170419
David
---
David Howells (2):
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
Eric Biggers (1):
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
security/keys/gc.c | 2 +-
security/keys/keyctl.c | 20 +++++++++++--------
security/keys/process_keys.c | 44 ++++++++++++++++++++++++++----------------
3 files changed, 39 insertions(+), 27 deletions(-)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/3] KEYS: Fixes
2017-04-19 16:08 David Howells
@ 2017-04-19 16:10 ` David Howells
0 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2017-04-19 16:10 UTC (permalink / raw)
To: jmorris; +Cc: dhowells, keyrings, torvalds, linux-kernel
Let me try this again, this time with the correct email addresses...
David
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 0/3] KEYS: Fixes
@ 2017-04-19 16:08 David Howells
2017-04-19 16:10 ` David Howells
0 siblings, 1 reply; 13+ messages in thread
From: David Howells @ 2017-04-19 16:08 UTC (permalink / raw)
To: jmorris; +Cc: dhowells, keyrings, torvalds, linux-kernel, linux-kernel-modules
Hi James,
Can you pass these patches onto Linus, please?
(1) Disallow keyrings whose name begins with a '.' to be joined
[CVE-2016-9604].
(2) Change the name of the dead type to ".dead" to prevent user access
[CVE-2017-6951].
(3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
[CVE-2017-7472].
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
Tagged thusly:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
keys-fixes-20170419
David
---
David Howells (2):
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
Eric Biggers (1):
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
security/keys/gc.c | 2 +-
security/keys/keyctl.c | 20 +++++++++++--------
security/keys/process_keys.c | 44 ++++++++++++++++++++++++++----------------
3 files changed, 39 insertions(+), 27 deletions(-)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 0/3] KEYS: Fixes
@ 2016-10-26 14:01 David Howells
0 siblings, 0 replies; 13+ messages in thread
From: David Howells @ 2016-10-26 14:01 UTC (permalink / raw)
To: jmorris; +Cc: dhowells, linux-security-module, keyrings, linux-kernel
Hi James,
Can you pull these patches please and pass them on to Linus? They include
the following:
(1) Fix a buffer overflow when displaying /proc/keys [CVE-2016-7042].
(2) Fix broken initialisation in the big_key implementation that can
result in an oops.
(3) Make big_key depend on having a random number generator available in
Kconfig.
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
Tagged thusly:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
keys-fixes-20161026
David
---
Artem Savkov (1):
security/keys: make BIG_KEYS dependent on stdrng.
David Howells (2):
KEYS: Fix short sprintf buffer in /proc/keys show function
KEYS: Sort out big_key initialisation
security/keys/Kconfig | 2 +-
security/keys/big_key.c | 59 +++++++++++++++++++++++++----------------------
security/keys/proc.c | 2 +-
3 files changed, 34 insertions(+), 29 deletions(-)
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2017-04-19 16:12 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-09 17:17 [PATCH 0/3] KEYS: Fixes David Howells
2017-02-09 17:17 ` [PATCH 1/3] sign-file: fix build error in sign-file.c with libressl David Howells
2017-02-09 17:17 ` [PATCH 2/3] KEYS: Fix an error code in request_master_key() David Howells
2017-02-09 17:18 ` [PATCH 3/3] KEYS: Use memzero_explicit() for secret data David Howells
2017-02-09 23:07 ` [PATCH 0/3] KEYS: Fixes James Morris
2017-02-09 23:55 ` David Howells
2017-02-10 1:05 ` James Morris
2017-02-10 8:45 ` David Howells
2017-02-10 1:07 ` James Morris
-- strict thread matches above, loose matches on Subject: below --
2017-04-19 16:11 David Howells
2017-04-19 16:08 David Howells
2017-04-19 16:10 ` David Howells
2016-10-26 14:01 David Howells
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).