forked from Minki/linux
Keyrings miscellany
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmAj3ncACgkQ+7dXa6fL C2s7eQ/+Obr0Mp9mYJhht/LN3YAIgFrgyPCgwsmYsanc0j8cdECDMoz6b287/W3g 69zHQUv7iVqHPIK+NntBSSpHKlCapfUKikt5c9kfPNuDn3aT3ZpTBr1t3DYJX1uO K6tMUXNDNoi1O70yqsVZEq4Qcv2+1uQXP+F/GxjNkd/brID1HsV/VENKCLSRbyP/ iazgXx/hChQSdu0YbZwMCkuVErEAJvRWU75l9D1v1Uaaaqro5QdelMdz9DZeO4E5 CirXXA5d9zAA9ANj0T7odyg79vhFOz8yc0lFhybc/EPNYSHeOV1o8eK3h4ZIZ+hl BShwe7feHlmxkQ5WQBppjAn+aFiBtw7LKIptS3YpMI5M7clgT1THDPhgOdVWmbZk sBbD0bToP8sst6Zi/95StbqawjagR3uE6YBXRVSyTefGQdG1q1c0u9FM/8bZTc3B q4iDTbvfYdUFN6ywQZhh09v6ljZLdNSv0ht1wLcgByBmgdBvzmBgfczEKtAZcxfY cLBRvjc8ZjWpfqjrvmmURGQaqwVlO9YBGRzJJwALH9xib1IQbuVmUOilaIGTcCiE W1Qd4YLPh8Gv1B9GDY2HMw56IGp75QHD56KwIbf93c8JeEB08/iWSuH+kKwyup8+ h5xXpzt5NKAx4GQesWeBjWvt+AmZ+uJDtt4dNb/j91gmbh3POTI= =HCrJ -----END PGP SIGNATURE----- Merge tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull keyring updates from David Howells: "Here's a set of minor keyrings fixes/cleanups that I've collected from various people for the upcoming merge window. A couple of them might, in theory, be visible to userspace: - Make blacklist_vet_description() reject uppercase letters as they don't match the all-lowercase hex string generated for a blacklist search. This may want reconsideration in the future, but, currently, you can't add to the blacklist keyring from userspace and the only source of blacklist keys generates lowercase descriptions. - Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag. This isn't currently a problem as the blacklist keyring isn't currently writable by userspace. The rest of the patches are cleanups and I don't think they should have any visible effect" * tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: watch_queue: rectify kernel-doc for init_watch() certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID certs: Fix blacklist flag type confusion PKCS#7: Fix missing include certs: Fix blacklisted hexadecimal hash string check certs/blacklist: fix kernel doc interface issue crypto: public_key: Remove redundant header file from public_key.h keys: remove trailing semicolon in macro definition crypto: pkcs7: Use match_string() helper to simplify the code PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one encrypted-keys: Replace HTTP links with HTTPS ones crypto: asymmetric_keys: fix some comments in pkcs7_parser.h KEYS: remove redundant memset security: keys: delete repeated words in comments KEYS: asymmetric: Fix kerneldoc security/keys: use kvfree_sensitive() watch_queue: Drop references to /dev/watch_queue keys: Remove outdated __user annotations security: keys: Fix fall-through warnings for Clang
This commit is contained in:
commit
c03c21ba6f
@ -1040,8 +1040,8 @@ The keyctl syscall functions are:
|
||||
|
||||
"key" is the ID of the key to be watched.
|
||||
|
||||
"queue_fd" is a file descriptor referring to an open "/dev/watch_queue"
|
||||
which manages the buffer into which notifications will be delivered.
|
||||
"queue_fd" is a file descriptor referring to an open pipe which
|
||||
manages the buffer into which notifications will be delivered.
|
||||
|
||||
"filter" is either NULL to remove a watch or a filter specification to
|
||||
indicate what events are required from the key.
|
||||
|
@ -14,6 +14,7 @@
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/seq_file.h>
|
||||
#include <linux/uidgid.h>
|
||||
#include <keys/system_keyring.h>
|
||||
#include "blacklist.h"
|
||||
|
||||
@ -37,7 +38,7 @@ static int blacklist_vet_description(const char *desc)
|
||||
found_colon:
|
||||
desc++;
|
||||
for (; *desc; desc++) {
|
||||
if (!isxdigit(*desc))
|
||||
if (!isxdigit(*desc) || isupper(*desc))
|
||||
return -EINVAL;
|
||||
n++;
|
||||
}
|
||||
@ -78,7 +79,7 @@ static struct key_type key_type_blacklist = {
|
||||
|
||||
/**
|
||||
* mark_hash_blacklisted - Add a hash to the system blacklist
|
||||
* @hash - The hash as a hex string with a type prefix (eg. "tbs:23aa429783")
|
||||
* @hash: The hash as a hex string with a type prefix (eg. "tbs:23aa429783")
|
||||
*/
|
||||
int mark_hash_blacklisted(const char *hash)
|
||||
{
|
||||
@ -156,13 +157,12 @@ static int __init blacklist_init(void)
|
||||
|
||||
blacklist_keyring =
|
||||
keyring_alloc(".blacklist",
|
||||
KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
current_cred(),
|
||||
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
|
||||
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
KEY_USR_VIEW | KEY_USR_READ |
|
||||
KEY_USR_SEARCH,
|
||||
KEY_ALLOC_NOT_IN_QUOTA |
|
||||
KEY_FLAG_KEEP,
|
||||
KEY_ALLOC_SET_KEEP,
|
||||
NULL, NULL);
|
||||
if (IS_ERR(blacklist_keyring))
|
||||
panic("Can't allocate system blacklist keyring\n");
|
||||
|
@ -11,6 +11,7 @@
|
||||
#include <linux/cred.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/uidgid.h>
|
||||
#include <linux/verification.h>
|
||||
#include <keys/asymmetric-type.h>
|
||||
#include <keys/system_keyring.h>
|
||||
@ -98,7 +99,7 @@ static __init int system_trusted_keyring_init(void)
|
||||
|
||||
builtin_trusted_keys =
|
||||
keyring_alloc(".builtin_trusted_keys",
|
||||
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
||||
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
|
||||
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
|
||||
KEY_ALLOC_NOT_IN_QUOTA,
|
||||
@ -109,7 +110,7 @@ static __init int system_trusted_keyring_init(void)
|
||||
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
||||
secondary_trusted_keys =
|
||||
keyring_alloc(".secondary_trusted_keys",
|
||||
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
||||
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
|
||||
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
|
||||
KEY_USR_WRITE),
|
||||
|
@ -152,7 +152,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
|
||||
|
||||
/**
|
||||
* asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
|
||||
* @kid_1, @kid_2: The key IDs to compare
|
||||
* @kid1: The key ID to compare
|
||||
* @kid2: The key ID to compare
|
||||
*/
|
||||
bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
|
||||
const struct asymmetric_key_id *kid2)
|
||||
@ -168,7 +169,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
|
||||
/**
|
||||
* asymmetric_key_id_partial - Return true if two asymmetric keys IDs
|
||||
* partially match
|
||||
* @kid_1, @kid_2: The key IDs to compare
|
||||
* @kid1: The key ID to compare
|
||||
* @kid2: The key ID to compare
|
||||
*/
|
||||
bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
|
||||
const struct asymmetric_key_id *kid2)
|
||||
|
@ -41,10 +41,9 @@ struct pkcs7_signed_info {
|
||||
*
|
||||
* This contains the generated digest of _either_ the Content Data or
|
||||
* the Authenticated Attributes [RFC2315 9.3]. If the latter, one of
|
||||
* the attributes contains the digest of the the Content Data within
|
||||
* it.
|
||||
* the attributes contains the digest of the Content Data within it.
|
||||
*
|
||||
* THis also contains the issuing cert serial number and issuer's name
|
||||
* This also contains the issuing cert serial number and issuer's name
|
||||
* [PKCS#7 or CMS ver 1] or issuing cert's SKID [CMS ver 3].
|
||||
*/
|
||||
struct public_key_signature *sig;
|
||||
|
@ -16,7 +16,7 @@
|
||||
#include <crypto/public_key.h>
|
||||
#include "pkcs7_parser.h"
|
||||
|
||||
/**
|
||||
/*
|
||||
* Check the trust on one PKCS#7 SignedInfo block.
|
||||
*/
|
||||
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
|
||||
|
@ -141,11 +141,10 @@ int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
|
||||
*buf = sinfo->sig->digest;
|
||||
*len = sinfo->sig->digest_size;
|
||||
|
||||
for (i = 0; i < HASH_ALGO__LAST; i++)
|
||||
if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
|
||||
*hash_algo = i;
|
||||
break;
|
||||
}
|
||||
i = match_string(hash_algo_name, HASH_ALGO__LAST,
|
||||
sinfo->sig->hash_algo);
|
||||
if (i >= 0)
|
||||
*hash_algo = i;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -12,7 +12,6 @@
|
||||
|
||||
#include <linux/keyctl.h>
|
||||
#include <linux/oid_registry.h>
|
||||
#include <crypto/akcipher.h>
|
||||
|
||||
/*
|
||||
* Cryptographic data for the public-key subtype of the asymmetric key type.
|
||||
|
@ -2,7 +2,7 @@
|
||||
/*
|
||||
* Copyright (C) 2010 IBM Corporation
|
||||
* Copyright (C) 2010 Politecnico di Torino, Italy
|
||||
* TORSEC group -- http://security.polito.it
|
||||
* TORSEC group -- https://security.polito.it
|
||||
*
|
||||
* Authors:
|
||||
* Mimi Zohar <zohar@us.ibm.com>
|
||||
|
@ -289,6 +289,7 @@ extern struct key *key_alloc(struct key_type *type,
|
||||
#define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */
|
||||
#define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */
|
||||
#define KEY_ALLOC_UID_KEYRING 0x0010 /* allocating a user or user session keyring */
|
||||
#define KEY_ALLOC_SET_KEEP 0x0020 /* Set the KEEP flag on the key/keyring */
|
||||
|
||||
extern void key_revoke(struct key *key);
|
||||
extern void key_invalidate(struct key *key);
|
||||
@ -360,7 +361,7 @@ static inline struct key *request_key(struct key_type *type,
|
||||
* completion of keys undergoing construction with a non-interruptible wait.
|
||||
*/
|
||||
#define request_key_net(type, description, net, callout_info) \
|
||||
request_key_tag(type, description, net->key_domain, callout_info);
|
||||
request_key_tag(type, description, net->key_domain, callout_info)
|
||||
|
||||
/**
|
||||
* request_key_net_rcu - Request a key for a net namespace under RCU conditions
|
||||
@ -372,7 +373,7 @@ static inline struct key *request_key(struct key_type *type,
|
||||
* network namespace are used.
|
||||
*/
|
||||
#define request_key_net_rcu(type, description, net) \
|
||||
request_key_rcu(type, description, net->key_domain);
|
||||
request_key_rcu(type, description, net->key_domain)
|
||||
#endif /* CONFIG_NET */
|
||||
|
||||
extern int wait_for_key_construction(struct key *key, bool intr);
|
||||
|
@ -8,6 +8,8 @@
|
||||
#ifndef _LINUX_VERIFICATION_H
|
||||
#define _LINUX_VERIFICATION_H
|
||||
|
||||
#include <linux/types.h>
|
||||
|
||||
/*
|
||||
* Indicate that both builtin trusted keys and secondary trusted keys
|
||||
* should be used.
|
||||
|
@ -413,7 +413,7 @@ static void put_watch(struct watch *watch)
|
||||
}
|
||||
|
||||
/**
|
||||
* init_watch_queue - Initialise a watch
|
||||
* init_watch - Initialise a watch
|
||||
* @watch: The watch to initialise.
|
||||
* @wqueue: The queue to assign.
|
||||
*
|
||||
|
@ -210,7 +210,7 @@ config SAMPLE_WATCHDOG
|
||||
depends on CC_CAN_LINK
|
||||
|
||||
config SAMPLE_WATCH_QUEUE
|
||||
bool "Build example /dev/watch_queue notification consumer"
|
||||
bool "Build example watch_queue notification API consumer"
|
||||
depends on CC_CAN_LINK && HEADERS_INSTALL
|
||||
help
|
||||
Build example userspace program to use the new mount_notify(),
|
||||
|
@ -1,5 +1,5 @@
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/* Use /dev/watch_queue to watch for notifications.
|
||||
/* Use watch_queue API to watch for notifications.
|
||||
*
|
||||
* Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
|
||||
* Written by David Howells (dhowells@redhat.com)
|
||||
|
@ -38,13 +38,12 @@ __init int ima_mok_init(void)
|
||||
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
KEY_USR_VIEW | KEY_USR_READ |
|
||||
KEY_USR_WRITE | KEY_USR_SEARCH,
|
||||
KEY_ALLOC_NOT_IN_QUOTA,
|
||||
KEY_ALLOC_NOT_IN_QUOTA |
|
||||
KEY_ALLOC_SET_KEEP,
|
||||
restriction, NULL);
|
||||
|
||||
if (IS_ERR(ima_blacklist_keyring))
|
||||
panic("Can't allocate IMA blacklist keyring.");
|
||||
|
||||
set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags);
|
||||
return 0;
|
||||
}
|
||||
device_initcall(ima_mok_init);
|
||||
|
@ -119,7 +119,7 @@ config KEY_NOTIFICATIONS
|
||||
bool "Provide key/keyring change notifications"
|
||||
depends on KEYS && WATCH_QUEUE
|
||||
help
|
||||
This option provides support for getting change notifications on keys
|
||||
and keyrings on which the caller has View permission. This makes use
|
||||
of the /dev/watch_queue misc device to handle the notification
|
||||
buffer and provides KEYCTL_WATCH_KEY to enable/disable watches.
|
||||
This option provides support for getting change notifications
|
||||
on keys and keyrings on which the caller has View permission.
|
||||
This makes use of pipes to handle the notification buffer and
|
||||
provides KEYCTL_WATCH_KEY to enable/disable watches.
|
||||
|
@ -121,8 +121,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
|
||||
*path = file->f_path;
|
||||
path_get(path);
|
||||
fput(file);
|
||||
memzero_explicit(buf, enclen);
|
||||
kvfree(buf);
|
||||
kvfree_sensitive(buf, enclen);
|
||||
} else {
|
||||
/* Just store the data in a buffer */
|
||||
void *data = kmalloc(datalen, GFP_KERNEL);
|
||||
@ -140,8 +139,7 @@ err_fput:
|
||||
err_enckey:
|
||||
kfree_sensitive(enckey);
|
||||
error:
|
||||
memzero_explicit(buf, enclen);
|
||||
kvfree(buf);
|
||||
kvfree_sensitive(buf, enclen);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -273,8 +271,7 @@ long big_key_read(const struct key *key, char *buffer, size_t buflen)
|
||||
err_fput:
|
||||
fput(file);
|
||||
error:
|
||||
memzero_explicit(buf, enclen);
|
||||
kvfree(buf);
|
||||
kvfree_sensitive(buf, enclen);
|
||||
} else {
|
||||
ret = datalen;
|
||||
memcpy(buffer, key->payload.data[big_key_data], datalen);
|
||||
|
@ -303,6 +303,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
|
||||
key->flags |= 1 << KEY_FLAG_BUILTIN;
|
||||
if (flags & KEY_ALLOC_UID_KEYRING)
|
||||
key->flags |= 1 << KEY_FLAG_UID_KEYRING;
|
||||
if (flags & KEY_ALLOC_SET_KEEP)
|
||||
key->flags |= 1 << KEY_FLAG_KEEP;
|
||||
|
||||
#ifdef KEY_DEBUGGING
|
||||
key->magic = KEY_DEBUG_MAGIC;
|
||||
|
@ -506,7 +506,7 @@ error:
|
||||
* keyring, otherwise replace the link to the matching key with a link to the
|
||||
* new key.
|
||||
*
|
||||
* The key must grant the caller Link permission and the the keyring must grant
|
||||
* The key must grant the caller Link permission and the keyring must grant
|
||||
* the caller Write permission. Furthermore, if an additional link is created,
|
||||
* the keyring's quota will be extended.
|
||||
*
|
||||
|
@ -166,8 +166,6 @@ long keyctl_pkey_query(key_serial_t id,
|
||||
struct kernel_pkey_query res;
|
||||
long ret;
|
||||
|
||||
memset(¶ms, 0, sizeof(params));
|
||||
|
||||
ret = keyctl_pkey_params_get(id, _info, ¶ms);
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
|
@ -452,7 +452,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
|
||||
struct keyring_read_iterator_context {
|
||||
size_t buflen;
|
||||
size_t count;
|
||||
key_serial_t __user *buffer;
|
||||
key_serial_t *buffer;
|
||||
};
|
||||
|
||||
static int keyring_read_iterator(const void *object, void *data)
|
||||
@ -479,7 +479,7 @@ static int keyring_read_iterator(const void *object, void *data)
|
||||
* times.
|
||||
*/
|
||||
static long keyring_read(const struct key *keyring,
|
||||
char __user *buffer, size_t buflen)
|
||||
char *buffer, size_t buflen)
|
||||
{
|
||||
struct keyring_read_iterator_context ctx;
|
||||
long ret;
|
||||
@ -491,7 +491,7 @@ static long keyring_read(const struct key *keyring,
|
||||
|
||||
/* Copy as many key IDs as fit into the buffer */
|
||||
if (buffer && buflen) {
|
||||
ctx.buffer = (key_serial_t __user *)buffer;
|
||||
ctx.buffer = (key_serial_t *)buffer;
|
||||
ctx.buflen = buflen;
|
||||
ctx.count = 0;
|
||||
ret = assoc_array_iterate(&keyring->keys,
|
||||
@ -881,7 +881,7 @@ found:
|
||||
*
|
||||
* Keys are matched to the type provided and are then filtered by the match
|
||||
* function, which is given the description to use in any way it sees fit. The
|
||||
* match function may use any attributes of a key that it wishes to to
|
||||
* match function may use any attributes of a key that it wishes to
|
||||
* determine the match. Normally the match function from the key type would be
|
||||
* used.
|
||||
*
|
||||
@ -1204,7 +1204,7 @@ static int keyring_detect_cycle_iterator(const void *object,
|
||||
}
|
||||
|
||||
/*
|
||||
* See if a cycle will will be created by inserting acyclic tree B in acyclic
|
||||
* See if a cycle will be created by inserting acyclic tree B in acyclic
|
||||
* tree A at the topmost level (ie: as a direct child of A).
|
||||
*
|
||||
* Since we are adding B to A at the top level, checking for cycles should just
|
||||
|
@ -783,6 +783,7 @@ try_again:
|
||||
if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
|
||||
need_perm != KEY_DEFER_PERM_CHECK)
|
||||
goto invalid_key;
|
||||
break;
|
||||
case 0:
|
||||
break;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user