1. 12 Nov, 2015 1 commit
    • X.509: Fix the time validation [ver #2] · cc25b994
      David Howells authored
      This fixes CVE-2015-5327.  It affects kernels from 4.3-rc1 onwards.
      Fix the X.509 time validation to use month number-1 when looking up the
      number of days in that month.  Also put the month number validation before
      doing the lookup so as not to risk overrunning the array.
      This can be tested by doing the following:
      cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
      If it works, it emits a key ID; if it fails, it should give a bad message
      Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
      Acked-by: David Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: James Morris <james.l.morris@oracle.com>
  2. 02 Nov, 2015 1 commit
  3. 21 Oct, 2015 1 commit
    • KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells authored
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: David Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
  4. 20 Oct, 2015 3 commits
  5. 15 Oct, 2015 4 commits
  6. 14 Oct, 2015 3 commits
  7. 13 Oct, 2015 1 commit
  8. 01 Oct, 2015 2 commits
  9. 25 Sep, 2015 1 commit
    • X.509: Don't strip leading 00's from key ID when constructing key description · e7c87bef
      David Howells authored
      Don't strip leading zeros from the crypto key ID when using it to construct
      the struct key description as the signature in kernels up to and including
      4.2 matched this aspect of the key.  This means that 1 in 256 keys won't
      actually match if their key ID begins with 00.
      The key ID is stored in the module signature as binary and so must be
      converted to text in order to invoke request_key() - but it isn't stripped
      at this point.
      Something like this is likely to be observed in dmesg when the key is loaded:
      [    1.572423] Loaded X.509 cert 'Build time autogenerated kernel
          key: 62a7c3d2da278be024da4af8652c071f3fea33'
      followed by this when we try and use it:
        [    1.646153] Request for unknown module key 'Build time autogenerated
          kernel key: 0062a7c3d2da278be024da4af8652c071f3fea33' err -11
      The 'Loaded' line should show an extra '00' on the front of the hex string.
      This problem should not affect 4.3-rc1 and onwards because there the key
      should be matched on one of its auxiliary identities rather than the key
      struct's description string.
      Reported-by: Arjan van de Ven <arjan@linux.intel.com>
      Reported-by: Andy Whitcroft <apw@canonical.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
  10. 21 Sep, 2015 3 commits
    • crypto: x86/sha - Add build support for Intel SHA Extensions optimized SHA1 and SHA256 · e38b6b7f
      tim authored
      This patch provides the configuration and build support to
      include and build the optimized SHA1 and SHA256 update transforms
      for the kernel's crypto library.
      Originally-by: Chandramouli Narayanan <mouli_7982@yahoo.com>
      Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
      Acked-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: asymmetric_keys - remove always false comparison · 4dd17c9c
      sudip authored
      hour, min and sec are unsigned int and they can never be less than zero.
      Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: tcrypt - avoid mapping from module image addresses · f074f7b1
      Horia Geantă authored
      The output buffer in test_ahash_speed will point to an address located
      within the tcrypt module image.
      This causes problems when trying to DMA map the buffer.
      For e.g. on ARM-based LS1021A, a page fault occurs within the
      DMA API when trying to access the struct page returned by
      insmod tcrypt.ko mode=403
      testing speed of async sha1 (sha1-caam)
      test  0 (   16 byte blocks,   16 bytes per update,   1 updates):
      Unable to handle kernel paging request at virtual address f07e9080
      pgd = e58d0e00
      [f07e9080] *pgd=80000080007003, *pmd=00000000
      Internal error: Oops: 206 [#1] SMP THUMB2
      Modules linked in: tcrypt(+)
      CPU: 1 PID: 1119 Comm: insmod Not tainted 4.2.0-rc1-256134-gbf433416 #1
      Hardware name: Freescale LS1021A
      task: ea063900 ti: e5a34000 task.ti: e5a34000
      PC is at dma_cache_maint_page+0x38/0xd0
      LR is at __dma_page_cpu_to_dev+0x15/0x64
      pc : [<800155a0>]    lr : [<8001564d>]    psr: 000f0033
      sp : e5a35ca0  ip : 8063df00  fp : f07e9080
      r10: 00000cd0  r9 : 8063df00  r8 : 805a2f04
      r7 : 0017f804  r6 : 00000002  r5 : ee7f9000  r4 : 00000014
      r3 : 80612d40  r2 : 01ff0080  r1 : 00000380  r0 : ee7f9000
      Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
      Control: 70c5387d  Table: e58d0e00  DAC: 9b7ede70
      Process insmod (pid: 1119, stack limit = 0xe5a34210)
      Stack: (0xe5a35ca0 to 0xe5a36000)
      [<800155a0>] (dma_cache_maint_page) from [<8001564d>] (__dma_page_cpu_to_dev+0x15/0x64)
      [<8001564d>] (__dma_page_cpu_to_dev) from [<800156eb>] (arm_dma_map_page+0x1f/0x44)
      [<800156eb>] (arm_dma_map_page) from [<802935e3>] (ahash_digest+0x35f/0x510)
      [<802935e3>] (ahash_digest) from [<7f800d03>] (test_ahash_speed.constprop.6+0x24a/0x4e4 [tcrypt])
      [<7f800d03>] (test_ahash_speed.constprop.6 [tcrypt]) from [<7f802fd5>] (do_test+0x1898/0x2058 [tcrypt])
      [<7f802fd5>] (do_test [tcrypt]) from [<7f80802f>] (tcrypt_mod_init+0x2e/0x63 [tcrypt])
      [<7f80802f>] (tcrypt_mod_init [tcrypt]) from [<80009517>] (do_one_initcall+0xb3/0x134)
      [<80009517>] (do_one_initcall) from [<80351ec7>] (do_init_module+0x3b/0x13c)
      [<80351ec7>] (do_init_module) from [<8005cc3f>] (load_module+0x97b/0x9dc)
      [<8005cc3f>] (load_module) from [<8005cd8d>] (SyS_finit_module+0x35/0x3e)
      [<8005cd8d>] (SyS_finit_module) from [<8000d101>] (ret_fast_syscall+0x1/0x4c)
      Code: 1aba 0152 eb00 0b02 (5882) 0f92
      addr2line -f -i -e vmlinux 800155a0
      Signed-off-by: Horia Geantă <horia.geanta@freescale.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  11. 11 Sep, 2015 1 commit
  12. 31 Aug, 2015 1 commit
  13. 25 Aug, 2015 1 commit
  14. 21 Aug, 2015 2 commits
  15. 19 Aug, 2015 1 commit
  16. 17 Aug, 2015 14 commits