iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/crypto
History
Eric Biggers f2915986f8 X.509: fix NULL dereference when restricting key with unsupported_sig 
commit 4b34968e77ad09628cfb3c4a7daf2adc2cefc6e8 upstream.

The asymmetric key type allows an X.509 certificate to be added even if
its signature's hash algorithm is not available in the crypto API.  In
that case 'payload.data[asym_auth]' will be NULL.  But the key
restriction code failed to check for this case before trying to use the
signature, resulting in a NULL pointer dereference in
key_or_keyring_common() or in restrict_link_by_signature().

Fix this by returning -ENOPKG when the signature is unsupported.

Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled and
keyctl has support for the 'restrict_keyring' command:

    keyctl new_session
    keyctl restrict_keyring @s asymmetric builtin_trusted
    openssl req -new -sha512 -x509 -batch -nodes -outform der \
        | keyctl padd asymmetric desc @s

Fixes: a511e1af8b12 ("KEYS: Move the point of trust determination to __key_link()")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:18:33 +01:00
..
asymmetric_keys
X.509: fix NULL dereference when restricting key with unsupported_sig
2018-02-28 10:18:33 +01:00
async_tx
async_pq_val: fix DMA memory leak
2016-10-05 06:18:09 +05:30
.gitignore
crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files
2015-06-25 23:29:24 +08:00
842.c
crypto: 842 - change 842 alg to use software
2015-05-11 15:06:43 +08:00
ablk_helper.c
crypto: ablk_helper - Fix cryptd reordering
2016-06-23 18:29:53 +08:00
ablkcipher.c
crypto: skcipher - Remove top-level givcipher interface
2016-07-18 17:35:46 +08:00
aead.c
crypto: aead - Remove blkcipher null for IV generators
2016-07-18 17:35:43 +08:00
aes_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
af_alg.c
crypto: af_alg - whitelist mask and type
2018-02-03 17:05:34 +01:00
ahash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-25 11:05:44 +01:00
akcipher.c
crypto: akcipher - add akcipher declarations needed by templates.
2015-12-09 20:03:57 +08:00
algapi.c
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
2018-01-17 09:38:54 +01:00
algboss.c
crypto: algboss - Remove reference to nivaead
2015-08-17 16:53:41 +08:00
algif_aead.c
crypto: algif_aead - Require setkey before accept(2)
2017-05-20 14:28:37 +02:00
algif_hash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-25 11:05:44 +01:00
algif_rng.c
crypto: algif_rng - Remove obsolete const-removal cast
2015-04-22 09:30:21 +08:00
algif_skcipher.c
crypto: AF_ALG - remove SGL terminator indicator when chaining
2017-09-27 14:39:20 +02:00
ansi_cprng.c
crypto: ansi_cprng - Convert to new rng interface
2015-04-22 09:30:18 +08:00
anubis.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
api.c
crypto: api - Only abort operations on fatal signal
2015-10-20 21:59:25 +08:00
arc4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
authenc.c
crypto: authenc - Use skcipher
2016-07-18 17:35:38 +08:00
authencesn.c
crypto: authencesn - Fix digest_null crash
2017-08-06 18:59:40 -07:00
blkcipher.c
crypto: skcipher - Fix blkcipher walk OOM crash
2016-09-13 18:44:57 +08:00
blowfish_common.c
crypto: blowfish - split generic and common c code
2011-09-22 21:25:25 +10:00
blowfish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
camellia_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast5_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast6_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast_common.c
crypto: make tables used from assembler __visible
2013-08-14 20:42:03 +10:00
cbc.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ccm.c
crypto: ccm - preserve the IV buffer
2017-11-15 15:53:18 +01:00
chacha20_generic.c
random: replace non-blocking pool with a Chacha20-based CRNG
2016-07-03 00:57:23 -04:00
chacha20poly1305.c
crypto: chacha20poly1305 - validate the digest size
2018-01-10 09:29:51 +01:00
cipher.c
crypto: cipher - Fix checkpatch errors
2010-02-16 20:31:37 +08:00
cmac.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
compress.c
crc32_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-25 11:05:43 +01:00
crc32c_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-25 11:05:43 +01:00
crct10dif_common.c
crypto: crct10dif - Add fallback for broken initrds
2013-09-12 15:31:34 +10:00
crct10dif_generic.c
crypto: squash lines for simple wrapper functions
2016-09-13 20:27:26 +08:00
cryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-25 11:05:43 +01:00
crypto_engine.c
kthread: kthread worker API cleanup
2016-10-11 15:06:33 -07:00
crypto_null.c
crypto: null - Remove default null blkcipher
2016-07-18 17:35:44 +08:00
crypto_user.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2016-07-21 12:26:55 +08:00
crypto_wq.c
crypto: crypto_wq - Fix late crypto work queue initialization
2014-03-21 21:54:28 +08:00
ctr.c
crypto: ctr - Use skcipher in rfc3686
2016-07-18 17:35:39 +08:00
cts.c
crypto: cts - Convert to skcipher
2016-07-18 17:35:44 +08:00
deflate.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
des_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
dh_helper.c
crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
2017-11-21 09:23:29 +01:00
dh.c
crypto: dh - Fix double free of ctx->p
2017-11-24 08:33:41 +01:00
drbg.c
crypto: drbg - fix freeing of resources
2017-10-05 09:43:59 +02:00
ecb.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ecc_curve_defs.h
crypto: ecdh - Add ECDH software support
2016-06-23 18:29:57 +08:00
ecc.c
crypto: ecdh - make ecdh_shared_secret unique
2016-06-24 21:24:59 +08:00
ecc.h
crypto: ecdh - make ecdh_shared_secret unique
2016-06-24 21:24:59 +08:00
ecdh_helper.c
crypto: ecdh - Add ECDH software support
2016-06-23 18:29:57 +08:00
ecdh.c
crypto: ecdh - make ecdh_shared_secret unique
2016-06-24 21:24:59 +08:00
echainiv.c
crypto: echainiv - Replace chaining with multiplication
2016-09-13 18:44:57 +08:00
fcrypt.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
fips.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
gcm.c
crypto: gcm - wait for crypto op not signal safe
2017-06-14 15:05:55 +02:00
gf128mul.c
crypto: gf128mul - fix call to memset()
2011-07-08 17:21:21 +08:00
ghash-generic.c
crypto: ghash-generic - move common definitions to a new header file
2016-10-02 22:26:40 +08:00
hash_info.c
keys, trusted: select hash algorithm for TPM2 chips
2015-12-20 15:27:12 +02:00
hmac.c
crypto: hmac - require that the underlying hash algorithm is unkeyed
2017-12-20 10:07:15 +01:00
internal.h
crypto: api - Add crypto_type_has_alg helper
2016-01-25 22:42:12 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - use ktime_get_ns as fallback
2016-06-24 21:24:58 +08:00
jitterentropy.c
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"
2015-06-25 23:18:33 +08:00
Kconfig
crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
2018-02-03 17:05:34 +01:00
keywrap.c
crypto: keywrap - memzero the correct memory
2016-02-01 22:27:05 +08:00
khazad.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
kpp.c
crypto: kpp - Key-agreement Protocol Primitives API (KPP)
2016-06-23 18:29:56 +08:00
lrw.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
lz4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
lz4hc.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
lzo.c
crypto: lzo - get rid of superfluous __GFP_REPEAT
2016-04-15 22:36:36 +08:00
Makefile
crypto: improve gcc optimization flags for serpent and wp512
2017-03-18 19:14:26 +08:00
mcryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-25 11:05:43 +01:00
md4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
md5.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
memneq.c
crypto: memneq - fix for archs without efficient unaligned access
2013-12-09 20:09:12 +08:00
michael_mic.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
pcbc.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
pcrypt.c
crypto: pcrypt - fix freeing pcrypt instances
2018-01-10 09:29:51 +01:00
poly1305_generic.c
crypto: poly1305 - remove ->setkey() method
2018-02-17 13:21:15 +01:00
proc.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
ripemd.h
rmd128.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd160.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd256.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd320.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rng.c
crypto: rng - Do not free default RNG when it becomes unused
2015-06-22 15:49:18 +08:00
rsa_helper.c
crypto: rsa - fix buffer overread when stripping leading zeroes
2017-12-20 10:07:15 +01:00
rsa-pkcs1pad.c
crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
2017-07-15 12:16:16 +02:00
rsa.c
crypto: rsa - Generate fixed-length output
2016-07-01 23:45:18 +08:00
rsaprivkey.asn1
crypto: rsa - Store rest of the private key components
2016-07-05 23:05:26 +08:00
rsapubkey.asn1
crypto: akcipher - Changes to asymmetric key API
2015-10-14 22:23:16 +08:00
salsa20_generic.c
crypto: salsa20 - fix blkcipher_walk API usage
2017-12-20 10:07:15 +01:00
scatterwalk.c
crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy
2016-11-22 15:02:25 +08:00
seed.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
seqiv.c
crypto: skcipher - Remove top-level givcipher interface
2016-07-18 17:35:46 +08:00
serpent_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
sha1_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha3_generic.c
crypto: sha3-generic - fixes for alignment and big endian operation
2018-02-03 17:05:34 +01:00
sha256_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha512_generic.c
crypto: sha512-generic - move to generic glue implementation
2015-04-10 21:39:41 +08:00
shash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-25 11:05:44 +01:00
skcipher.c
crypto: skcipher - Add missing API setkey checks
2017-06-07 12:07:46 +02:00
tcrypt.c
crypto: tcrypt - fix S/G table for test_aead_speed()
2018-02-13 12:36:02 +01:00
tcrypt.h
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
2015-07-17 21:20:20 +08:00
tea.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
testmgr.c
crypto: testmgr - add guard to dst buffer for ahash_export
2016-10-02 22:33:43 +08:00
testmgr.h
crypto: testmgr - Pad aes_ccm_enc_tv_template vector
2017-03-12 06:41:47 +01:00
tgr192.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
twofish_common.c
crypto: twofish-x86_64-3way - add lrw support
2011-11-09 11:53:32 +08:00
twofish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
vmac.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
wp512.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
xcbc.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
xor.c
crypto: xor - Fix warning when XOR_SELECT_TEMPLATE is unset
2016-08-31 23:00:48 +08:00
xts.c
crypto: xts - fix a little typo
2016-08-16 17:16:49 +08:00