1. 12 Nov, 2015 1 commit
    • David Howells's avatar
      X.509: Fix the time validation [ver #2] · cc25b994
      David Howells authored
      This fixes CVE-2015-5327.  It affects kernels from 4.3-rc1 onwards.
      
      Fix the X.509 time validation to use month number-1 when looking up the
      number of days in that month.  Also put the month number validation before
      doing the lookup so as not to risk overrunning the array.
      
      This can be tested by doing the following:
      
      cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
      -----BEGIN CERTIFICATE-----
      MIIDbjCCAlagAwIBAgIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAMCkxETAPBgNV
      BAoMCGxvY2FsLWNhMRQwEgYDVQQDDAtzaWduaW5nIGtleTAeFw0xNTA5MDEyMTMw
      MThaFw0xNjA4MzEyMTMwMThaMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQwEgYDVQQD
      DAtzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrn
      crcMfMeG67nagX4+m02Xk9rkmsMKI5XTUxbikROe7GSUVJ27sPVPZp4mgzoWlvhh
      jfK8CC/qhEhwep8Pgg4EJZyWOjhZb7R97ckGvLIoUC6IO3FC2ZnR7WtmWDgo2Jcj
      VlXwJdHhKU1VZwulh81O61N8IBKqz2r/kDhIWiicUCUkI/Do/RMRfKAoDBcSh86m
      gOeIAGfq62vbiZhVsX5dOE8Oo2TK5weAvwUIOR7OuGBl5AqwFlPnXQolewiHzKry
      THg9e44HfzG4Mi6wUvcJxVaQT1h5SrKD779Z5+8+wf1JLaooetcEUArvWyuxCU59
      qxA4lsTjBwl4cmEki+cCAwEAAaOBmDCBlTAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
      AwIHgDAdBgNVHQ4EFgQUyND/eKUis7ep/hXMJ8iZMdUhI+IwWQYDVR0jBFIwUIAU
      yND/eKUis7ep/hXMJ8iZMdUhI+KhLaQrMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQw
      EgYDVQQDDAtzaWduaW5nIGtleYIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAA4IB
      AQAMqm1N1yD5pimUELLhT5eO2lRdGUfTozljRxc7e2QT3RLk2TtGhg65JFFN6eml
      XS58AEPVcAsSLDlR6WpOpOLB2giM0+fV/eYFHHmh22yqTJl4YgkdUwyzPdCHNOZL
      hmSKeY9xliHb6PNrNWWtZwhYYvRaO2DX4GXOMR0Oa2O4vaYu6/qGlZOZv3U6qZLY
      wwHEJSrqeBDyMuwN+eANHpoSpiBzD77S4e+7hUDJnql4j6xzJ65+nWJ89fCrQypR
      4sN5R3aGeIh3QAQUIKpHilwek0CtEaYERgc5m+jGyKSc1rezJW62hWRTaitOc+d5
      G5hh+9YpnYcxQHEKnZ7rFNKJ
      -----END CERTIFICATE-----
      EOF
      
      If it works, it emit a key ID; if it fails, it should give a bad message
      error.
      Reported-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Acked-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      cc25b994
  2. 02 Nov, 2015 1 commit
  3. 21 Oct, 2015 1 commit
    • David Howells's avatar
      KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells authored
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
      146aa8b1
  4. 20 Oct, 2015 3 commits
  5. 15 Oct, 2015 4 commits
  6. 14 Oct, 2015 3 commits
  7. 13 Oct, 2015 1 commit
  8. 01 Oct, 2015 2 commits
  9. 25 Sep, 2015 1 commit
    • David Howells's avatar
      X.509: Don't strip leading 00's from key ID when constructing key description · e7c87bef
      David Howells authored
      Don't strip leading zeros from the crypto key ID when using it to construct
      the struct key description as the signature in kernels up to and including
      4.2 matched this aspect of the key.  This means that 1 in 256 keys won't
      actually match if their key ID begins with 00.
      
      The key ID is stored in the module signature as binary and so must be
      converted to text in order to invoke request_key() - but it isn't stripped
      at this point.
      
      Something like this is likely to be observed in dmesg when the key is loaded:
      
      [    1.572423] Loaded X.509 cert 'Build time autogenerated kernel
          key: 62a7c3d2da278be024da4af8652c071f3fea33'
      
      followed by this when we try and use it:
      
        [    1.646153] Request for unknown module key 'Build time autogenerated
          kernel key: 0062a7c3d2da278be024da4af8652c071f3fea33' err -11
      
      The 'Loaded' line should show an extra '00' on the front of the hex string.
      
      This problem should not affect 4.3-rc1 and onwards because there the key
      should be matched on one of its auxiliary identities rather than the key
      struct's description string.
      Reported-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Reported-by: default avatarAndy Whitcroft <apw@canonical.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e7c87bef
  10. 21 Sep, 2015 3 commits
    • tim's avatar
      crypto: x86/sha - Add build support for Intel SHA Extensions optimized SHA1 and SHA256 · e38b6b7f
      tim authored
      This patch provides the configuration and build support to
      include and build the optimized SHA1 and SHA256 update transforms
      for the kernel's crypto library.
      Originally-by: default avatarChandramouli Narayanan <mouli_7982@yahoo.com>
      Signed-off-by: default avatarTim Chen <tim.c.chen@linux.intel.com>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e38b6b7f
    • sudip's avatar
      crypto: asymmetric_keys - remove always false comparison · 4dd17c9c
      sudip authored
      hour, min and sec are unsigned int and they can never be less than zero.
      Signed-off-by: default avatarSudip Mukherjee <sudip@vectorindia.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4dd17c9c
    • Horia Geant?'s avatar
      crypto: tcrypt - avoid mapping from module image addresses · f074f7b1
      Horia Geant? authored
      The output buffer in test_ahash_speed will point to an address located
      within the tcrypt module image.
      This causes problems when trying to DMA map the buffer.
      For e.g. on ARM-based LS1021A, a page fault occurs within the
      DMA API when trying to access the struct page returned by
      virt_to_page(output):
      
      insmod tcrypt.ko mode=403
      
      testing speed of async sha1 (sha1-caam)
      test  0 (   16 byte blocks,   16 bytes per update,   1 updates):
      Unable to handle kernel paging request at virtual address f07e9080
      pgd = e58d0e00
      [f07e9080] *pgd=80000080007003, *pmd=00000000
      Internal error: Oops: 206 [#1] SMP THUMB2
      Modules linked in: tcrypt(+)
      CPU: 1 PID: 1119 Comm: insmod Not tainted 4.2.0-rc1-256134-gbf433416 #1
      Hardware name: Freescale LS1021A
      task: ea063900 ti: e5a34000 task.ti: e5a34000
      PC is at dma_cache_maint_page+0x38/0xd0
      LR is at __dma_page_cpu_to_dev+0x15/0x64
      pc : [<800155a0>]    lr : [<8001564d>]    psr: 000f0033
      sp : e5a35ca0  ip : 8063df00  fp : f07e9080
      r10: 00000cd0  r9 : 8063df00  r8 : 805a2f04
      r7 : 0017f804  r6 : 00000002  r5 : ee7f9000  r4 : 00000014
      r3 : 80612d40  r2 : 01ff0080  r1 : 00000380  r0 : ee7f9000
      Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
      Control: 70c5387d  Table: e58d0e00  DAC: 9b7ede70
      Process insmod (pid: 1119, stack limit = 0xe5a34210)
      Stack: (0xe5a35ca0 to 0xe5a36000)
      [...]
      [<800155a0>] (dma_cache_maint_page) from [<8001564d>] (__dma_page_cpu_to_dev+0x15/0x64)
      [<8001564d>] (__dma_page_cpu_to_dev) from [<800156eb>] (arm_dma_map_page+0x1f/0x44)
      [<800156eb>] (arm_dma_map_page) from [<802935e3>] (ahash_digest+0x35f/0x510)
      [<802935e3>] (ahash_digest) from [<7f800d03>] (test_ahash_speed.constprop.6+0x24a/0x4e4 [tcrypt])
      [<7f800d03>] (test_ahash_speed.constprop.6 [tcrypt]) from [<7f802fd5>] (do_test+0x1898/0x2058 [tcrypt])
      [<7f802fd5>] (do_test [tcrypt]) from [<7f80802f>] (tcrypt_mod_init+0x2e/0x63 [tcrypt])
      [<7f80802f>] (tcrypt_mod_init [tcrypt]) from [<80009517>] (do_one_initcall+0xb3/0x134)
      [<80009517>] (do_one_initcall) from [<80351ec7>] (do_init_module+0x3b/0x13c)
      [<80351ec7>] (do_init_module) from [<8005cc3f>] (load_module+0x97b/0x9dc)
      [<8005cc3f>] (load_module) from [<8005cd8d>] (SyS_finit_module+0x35/0x3e)
      [<8005cd8d>] (SyS_finit_module) from [<8000d101>] (ret_fast_syscall+0x1/0x4c)
      Code: 1aba 0152 eb00 0b02 (5882) 0f92
      
      addr2line -f -i -e vmlinux 800155a0
      page_zonenum
      include/linux/mm.h:728
      page_zone
      include/linux/mm.h:881
      dma_cache_maint_page
      arch/arm/mm/dma-mapping.c:822
      Signed-off-by: default avatarHoria Geant? <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f074f7b1
  11. 11 Sep, 2015 1 commit
  12. 31 Aug, 2015 1 commit
  13. 25 Aug, 2015 1 commit
  14. 21 Aug, 2015 2 commits
  15. 19 Aug, 2015 1 commit
  16. 17 Aug, 2015 14 commits