linux-toradex.git/security/keys, branch v6.19 Linux kernel for Apalis and Colibri modules keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal 2026-01-25T17:03:45+00:00 Srish Srinivasan ssrish@linux.ibm.com 2026-01-23T16:55:03+00:00 6342969dafbc63597cfc221aa13c3b123c2800c5 TPM2_Unseal[1] expects the handle of a loaded data object, and not the handle of the parent key. But the tpm2_unseal_cmd provides the parent keyhandle instead of blob_handle for the session HMAC calculation. This causes unseal to fail. Fix this by passing blob_handle to tpm_buf_append_name(). References: [1] trustedcomputinggroup.org/wp-content/uploads/ Trusted-Platform-Module-2.0-Library-Part-3-Version-184_pub.pdf Fixes: 6e9722e9a7bf ("tpm2-sessions: Fix out of range indexing in name_size") Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
TPM2_Unseal[1] expects the handle of a loaded data object, and not the
handle of the parent key. But the tpm2_unseal_cmd provides the parent
keyhandle instead of blob_handle for the session HMAC calculation. This
causes unseal to fail.

Fix this by passing blob_handle to tpm_buf_append_name().

References:

[1] trustedcomputinggroup.org/wp-content/uploads/
    Trusted-Platform-Module-2.0-Library-Part-3-Version-184_pub.pdf

Fixes: 6e9722e9a7bf ("tpm2-sessions: Fix out of range indexing in name_size")
Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
tpm2-sessions: Open code tpm_buf_append_hmac_session() 2025-12-05T04:42:51+00:00 Jarkko Sakkinen jarkko.sakkinen@opinsys.com 2025-09-30T20:44:19+00:00 b7960b90486139022d2d39caad90db252c469bab Open code 'tpm_buf_append_hmac_session_opt' to the call site, as it only masks a call sequence and does otherwise nothing particularly useful. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com> Reviewed-by: Jonathan McDowell <noodles@meta.com> 
Open code 'tpm_buf_append_hmac_session_opt' to the call site, as it only
masks a call sequence and does otherwise nothing particularly useful.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
Reviewed-by: Jonathan McDowell <noodles@meta.com>
tpm2-sessions: Fix out of range indexing in name_size 2025-12-05T04:31:07+00:00 Jarkko Sakkinen jarkko@kernel.org 2025-11-30T19:07:12+00:00 6e9722e9a7bfe1bbad649937c811076acf86e1fd 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also the authorization session on failure in both of the functions, as the session state would be then by definition corrupted. Cc: stable@vger.kernel.org # v6.10+ Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Reviewed-by: Jonathan McDowell <noodles@meta.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
'name_size' does not have any range checks, and it just directly indexes
with TPM_ALG_ID, which could lead into memory corruption at worst.

Address the issue by only processing known values and returning -EINVAL for
unrecognized values.

Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so
that errors are detected before causing any spurious TPM traffic.

End also the authorization session on failure in both of the functions, as
the session state would be then by definition corrupted.

Cc: stable@vger.kernel.org # v6.10+
Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API")
Reviewed-by: Jonathan McDowell <noodles@meta.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2 2025-12-03T20:55:28+00:00 Jarkko Sakkinen jarkko.sakkinen@opinsys.com 2025-09-30T13:06:51+00:00 09b71a58ee355ae09f302bd0875a29ffbcbbe3ac Use tpm_ret_to_err() to transmute TPM return codes in trusted_tpm2. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com> Acked-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
Use tpm_ret_to_err() to transmute TPM return codes in trusted_tpm2.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Merge tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2025-12-03T19:28:38+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-03T19:28:38+00:00 a619fe35ab41fded440d3762d4fbad84ff86a4d4 Pull crypto updates from Herbert Xu: "API: - Rewrite memcpy_sglist from scratch - Add on-stack AEAD request allocation - Fix partial block processing in ahash Algorithms: - Remove ansi_cprng - Remove tcrypt tests for poly1305 - Fix EINPROGRESS processing in authenc - Fix double-free in zstd Drivers: - Use drbg ctr helper when reseeding xilinx-trng - Add support for PCI device 0x115A to ccp - Add support of paes in caam - Add support for aes-xts in dthev2 Others: - Use likely in rhashtable lookup - Fix lockdep false-positive in padata by removing a helper" * tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits) crypto: zstd - fix double-free in per-CPU stream cleanup crypto: ahash - Zero positive err value in ahash_update_finish crypto: ahash - Fix crypto_ahash_import with partial block data crypto: lib/mpi - use min() instead of min_t() crypto: ccp - use min() instead of min_t() hwrng: core - use min3() instead of nested min_t() crypto: aesni - ctr_crypt() use min() instead of min_t() crypto: drbg - Delete unused ctx from struct sdesc crypto: testmgr - Add missing DES weak and semi-weak key tests Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist" crypto: scatterwalk - Fix memcpy_sglist() to always succeed crypto: iaa - Request to add Kanchana P Sridhar to Maintainers. crypto: tcrypt - Remove unused poly1305 support crypto: ansi_cprng - Remove unused ansi_cprng algorithm crypto: asymmetric_keys - fix uninitialized pointers with free attribute KEYS: Avoid -Wflex-array-member-not-at-end warning crypto: ccree - Correctly handle return of sg_nents_for_len crypto: starfive - Correctly handle return of sg_nents_for_len crypto: iaa - Fix incorrect return value in save_iaa_wq() crypto: zstd - Remove unnecessary size_t cast ... 
Pull crypto updates from Herbert Xu:
 "API:
   - Rewrite memcpy_sglist from scratch
   - Add on-stack AEAD request allocation
   - Fix partial block processing in ahash

  Algorithms:
   - Remove ansi_cprng
   - Remove tcrypt tests for poly1305
   - Fix EINPROGRESS processing in authenc
   - Fix double-free in zstd

  Drivers:
   - Use drbg ctr helper when reseeding xilinx-trng
   - Add support for PCI device 0x115A to ccp
   - Add support of paes in caam
   - Add support for aes-xts in dthev2

  Others:
   - Use likely in rhashtable lookup
   - Fix lockdep false-positive in padata by removing a helper"

* tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits)
  crypto: zstd - fix double-free in per-CPU stream cleanup
  crypto: ahash - Zero positive err value in ahash_update_finish
  crypto: ahash - Fix crypto_ahash_import with partial block data
  crypto: lib/mpi - use min() instead of min_t()
  crypto: ccp - use min() instead of min_t()
  hwrng: core - use min3() instead of nested min_t()
  crypto: aesni - ctr_crypt() use min() instead of min_t()
  crypto: drbg - Delete unused ctx from struct sdesc
  crypto: testmgr - Add missing DES weak and semi-weak key tests
  Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist"
  crypto: scatterwalk - Fix memcpy_sglist() to always succeed
  crypto: iaa - Request to add Kanchana P Sridhar to Maintainers.
  crypto: tcrypt - Remove unused poly1305 support
  crypto: ansi_cprng - Remove unused ansi_cprng algorithm
  crypto: asymmetric_keys - fix uninitialized pointers with free attribute
  KEYS: Avoid -Wflex-array-member-not-at-end warning
  crypto: ccree - Correctly handle return of sg_nents_for_len
  crypto: starfive - Correctly handle return of sg_nents_for_len
  crypto: iaa - Fix incorrect return value in save_iaa_wq()
  crypto: zstd - Remove unnecessary size_t cast
  ...
Merge tag 'keys-trusted-next-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd 2025-12-03T17:45:23+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-03T17:45:23+00:00 7fc2cd2e4b398c57c9cf961cfea05eadbf34c05c Pull trusted key updates from Jarkko Sakkinen: - Remove duplicate 'tpm2_hash_map' in favor of 'tpm2_find_hash_alg()' - Fix a memory leak on failure paths of 'tpm2_load_cmd' * tag 'keys-trusted-next-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: KEYS: trusted: Fix a memory leak in tpm2_load_cmd KEYS: trusted: Replace a redundant instance of tpm2_hash_map 
Pull trusted key updates from Jarkko Sakkinen:

 - Remove duplicate 'tpm2_hash_map' in favor of 'tpm2_find_hash_alg()'

 - Fix a memory leak on failure paths of 'tpm2_load_cmd'

* tag 'keys-trusted-next-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  KEYS: trusted: Fix a memory leak in tpm2_load_cmd
  KEYS: trusted: Replace a redundant instance of tpm2_hash_map
Merge tag 'keys-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd 2025-12-03T17:41:04+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-03T17:41:04+00:00 b082c4b06056139b2f3e0a8a0fa3235e145fba80 Pull keys update from Jarkko Sakkinen: "This contains only three fixes" * tag 'keys-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: keys: Fix grammar and formatting in 'struct key_type' comments keys: Replace deprecated strncpy in ecryptfs_fill_auth_tok keys: Remove redundant less-than-zero checks 
Pull keys update from Jarkko Sakkinen:
 "This contains only three fixes"

* tag 'keys-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  keys: Fix grammar and formatting in 'struct key_type' comments
  keys: Replace deprecated strncpy in ecryptfs_fill_auth_tok
  keys: Remove redundant less-than-zero checks
KEYS: trusted: Fix a memory leak in tpm2_load_cmd 2025-11-29T20:57:30+00:00 Jarkko Sakkinen jarkko@kernel.org 2025-10-18T10:30:36+00:00 62cd5d480b9762ce70d720a81fa5b373052ae05f 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. Cc: stable@vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode'
but it is not freed in the failure paths. Address this by wrapping the blob
into with a cleanup helper.

Cc: stable@vger.kernel.org # v5.13+
Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
KEYS: trusted: Replace a redundant instance of tpm2_hash_map 2025-11-29T20:57:30+00:00 Jarkko Sakkinen jarkko@kernel.org 2025-10-18T17:41:36+00:00 127fa2ae9e2b1f9b9d876dfaa39fe3640cec5764 'trusted_tpm2' duplicates 'tpm2_hash_map' originally part of the TPN driver, which is suboptimal. Implement and export `tpm2_find_hash_alg()` in the driver, and substitute the redundant code in 'trusted_tpm2' with a call to the new function. Reviewed-by: Jonathan McDowell <noodles@meta.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
'trusted_tpm2' duplicates 'tpm2_hash_map' originally part of the TPN
driver, which is suboptimal.

Implement and export `tpm2_find_hash_alg()` in the driver, and substitute
the redundant code in 'trusted_tpm2' with a call to the new function.

Reviewed-by: Jonathan McDowell <noodles@meta.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
keys: Replace deprecated strncpy in ecryptfs_fill_auth_tok 2025-11-27T21:50:20+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-10-13T15:26:28+00:00 a0a76e3f8d9a0da679ea721decd26f8951eb2110 strncpy() is deprecated for NUL-terminated destination buffers; use strscpy_pad() instead to retain the NUL-padding behavior of strncpy(). The destination buffer is initialized using kzalloc() with a 'signature' size of ECRYPTFS_PASSWORD_SIG_SIZE + 1. strncpy() then copies up to ECRYPTFS_PASSWORD_SIG_SIZE bytes from 'key_desc', NUL-padding any remaining bytes if needed, but expects the last byte to be zero. strscpy_pad() also copies the source string to 'signature', and NUL-pads the destination buffer if needed, but ensures it's always NUL-terminated without relying on it being zero-initialized. strscpy_pad() automatically determines the size of the fixed-length destination buffer via sizeof() when the optional size argument is omitted, making an explicit size unnecessary. In encrypted_init(), the source string 'key_desc' is validated by valid_ecryptfs_desc() before calling ecryptfs_fill_auth_tok(), and is therefore NUL-terminated and satisfies the __must_be_cstr() requirement of strscpy_pad(). Link: https://github.com/KSPP/linux/issues/90 Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 
strncpy() is deprecated for NUL-terminated destination buffers; use
strscpy_pad() instead to retain the NUL-padding behavior of strncpy().

The destination buffer is initialized using kzalloc() with a 'signature'
size of ECRYPTFS_PASSWORD_SIG_SIZE + 1. strncpy() then copies up to
ECRYPTFS_PASSWORD_SIG_SIZE bytes from 'key_desc', NUL-padding any
remaining bytes if needed, but expects the last byte to be zero.

strscpy_pad() also copies the source string to 'signature', and NUL-pads
the destination buffer if needed, but ensures it's always NUL-terminated
without relying on it being zero-initialized.

strscpy_pad() automatically determines the size of the fixed-length
destination buffer via sizeof() when the optional size argument is
omitted, making an explicit size unnecessary.

In encrypted_init(), the source string 'key_desc' is validated by
valid_ecryptfs_desc() before calling ecryptfs_fill_auth_tok(), and is
therefore NUL-terminated and satisfies the __must_be_cstr() requirement
of strscpy_pad().

Link: https://github.com/KSPP/linux/issues/90
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>