linux-toradex.git/security/keys/encrypted-keys, branch v3.2.73 Linux kernel for Apalis and Colibri modules KEYS: Fix stale key registration at error path 2015-02-20T00:49:29+00:00 Takashi Iwai tiwai@suse.de 2014-12-04T17:25:19+00:00 655f4c99e1b105fe481f254ed1cb7af0ba64f550 commit b26bdde5bb27f3f900e25a95e33a0c476c8c2c48 upstream. When loading encrypted-keys module, if the last check of aes_get_sizes() in init_encrypted() fails, the driver just returns an error without unregistering its key type. This results in the stale entry in the list. In addition to memory leaks, this leads to a kernel crash when registering a new key type later. This patch fixes the problem by swapping the calls of aes_get_sizes() and register_key_type(), and releasing resources properly at the error paths. Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=908163 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 
commit b26bdde5bb27f3f900e25a95e33a0c476c8c2c48 upstream.

When loading encrypted-keys module, if the last check of
aes_get_sizes() in init_encrypted() fails, the driver just returns an
error without unregistering its key type.  This results in the stale
entry in the list.  In addition to memory leaks, this leads to a kernel
crash when registering a new key type later.

This patch fixes the problem by swapping the calls of aes_get_sizes()
and register_key_type(), and releasing resources properly at the error
paths.

Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=908163
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
encrypted-keys: module build fixes 2011-11-16T19:23:14+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-10-16T23:17:48+00:00 9c69898783a0121399ec078d40d4ccc00e3cb0df Encrypted keys are encrypted/decrypted using either a trusted or user-defined key type, which is referred to as the 'master' key. The master key may be of type trusted iff the trusted key is builtin or both the trusted key and encrypted keys are built as modules. This patch resolves the build dependency problem. - Use "masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS)" construct to encapsulate the above logic. (Suggested by Dimtry Kasatkin.) - Fixing the encrypted-keys Makefile, results in a module name change from encrypted.ko to encrypted-keys.ko. - Add module dependency for request_trusted_key() definition Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
Encrypted keys are encrypted/decrypted using either a trusted or
user-defined key type, which is referred to as the 'master' key.
The master key may be of type trusted iff the trusted key is
builtin or both the trusted key and encrypted keys are built as
modules.  This patch resolves the build dependency problem.

- Use "masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS)" construct
to encapsulate the above logic. (Suggested by Dimtry Kasatkin.)
- Fixing the encrypted-keys Makefile, results in a module name change
from encrypted.ko to encrypted-keys.ko.
- Add module dependency for request_trusted_key() definition

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
encrypted-keys: fix error return code 2011-11-16T19:23:13+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-10-24T12:17:42+00:00 f4a0d5abef14562c37dee5a1d49180f494106230 Fix request_master_key() error return code. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
Fix request_master_key() error return code.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
security: follow rename pack_hex_byte() to hex_byte_pack() 2011-11-01T00:30:56+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2011-11-01T00:12:55+00:00 02473119bc54b0b239c2501064c7a37314347f87 There is no functional change. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Mimi Zohar <zohar@us.ibm.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
There is no functional change.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Mimi Zohar <zohar@us.ibm.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
encrypted-keys: check hex2bin result 2011-09-21T03:26:44+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-09-20T15:23:55+00:00 2b3ff6319e2312656fbefe0209bef02d58b6836a For each hex2bin call in encrypted keys, check that the ascii hex string is valid. On failure, return -EINVAL. Changelog v1: - hex2bin now returns an int Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com> 
For each hex2bin call in encrypted keys, check that the ascii hex string
is valid.  On failure, return -EINVAL.

Changelog v1:
- hex2bin now returns an int

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
encrypted-keys: IS_ERR need include/err.h 2011-09-15T21:37:24+00:00 Stephen Rothwell sfr@canb.auug.org.au 2011-09-15T07:07:15+00:00 cc100551b4d92f47abebfa7c7918b2be71263b4a Fixes this build error: security/keys/encrypted-keys/masterkey_trusted.c: In function 'request_trusted_key': security/keys/encrypted-keys/masterkey_trusted.c:35:2: error: implicit declaration of function 'IS_ERR' Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
Fixes this build error:

security/keys/encrypted-keys/masterkey_trusted.c: In function 'request_trusted_key':
security/keys/encrypted-keys/masterkey_trusted.c:35:2: error: implicit declaration of function 'IS_ERR'

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
encrypted-keys: remove trusted-keys dependency 2011-09-14T19:23:49+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-08-28T02:21:26+00:00 982e617a313b57abee3bcfa53381c356d00fd64a Encrypted keys are decrypted/encrypted using either a trusted-key or, for those systems without a TPM, a user-defined key. This patch removes the trusted-keys and TCG_TPM dependencies. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
Encrypted keys are decrypted/encrypted using either a trusted-key or,
for those systems without a TPM, a user-defined key.  This patch
removes the trusted-keys and TCG_TPM dependencies.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
encrypted-keys: create encrypted-keys directory 2011-09-14T19:22:26+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2011-09-14T19:06:00+00:00 61cf45d0199041df1a8ba334b6bf4a3a13b7f904 Move all files associated with encrypted keys to keys/encrypted-keys. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 
Move all files associated with encrypted keys to keys/encrypted-keys.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>