[PATCH] libimaevm: get key description out of verbose condition

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] libimaevm: get key description out of verbose condition
@ 2018-11-30 20:04 Bruno E. O. Meneguele
  2018-11-30 20:12 ` Bruno E. O. Meneguele
  0 siblings, 1 reply; 2+ messages in thread
From: Bruno E. O. Meneguele @ 2018-11-30 20:04 UTC (permalink / raw)
  To: linux-integrity; +Cc: zohar, dmitry.kasatkin

Key description in keyring is being filled with memory garbage during import
process if the LOG_LEVEL is not satisfied (using '-vv').

Testing in kernels without trusted keyring support, and importing a v1 (RSA) key
pair, the kernel fails to find the key since it looks for the key description,
which is not found due to this issue:

    "digsig: key not found, id: DD0558FEB7DDBD26"

Looking at:
    # keyctl show
    Session Keyring
     635748007 --alswrv      0     0  keyring: _ses
     673181018 --alswrv      0 65534   \_ keyring: _uid.0
     360651479 --alswrv      0     0       \_ keyring: _ima
     499360916 --alswrv      0     0       |   \_ user: .N=
     266933436 --alswrv      0     0       |   \_ user: B641632DA94DEE26

Key id 499360916 and 266933436 are both the same key, but the first was added
without '-vv' in the command line, while the second one was using it.

Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
---
 src/libimaevm.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 6fa0ed4..b6f9b9f 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
 	memcpy(keyid, sha1 + 12, 8);
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 8);
+	id = __be64_to_cpup((__be64 *) keyid);
+	sprintf(str, "%llX", (unsigned long long)id);
 
-	if (params.verbose > LOG_INFO) {
-		id = __be64_to_cpup((__be64 *) keyid);
-		sprintf(str, "%llX", (unsigned long long)id);
+	if (params.verbose > LOG_INFO)
 		log_info("keyid-v1: %s\n", str);
-	}
 }
 
 void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
@@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
 	memcpy(keyid, sha1 + 16, 4);
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 4);
+	sprintf(str, "%x", __be32_to_cpup(keyid));
 
-	if (params.verbose > LOG_INFO) {
-		sprintf(str, "%x", __be32_to_cpup(keyid));
+	if (params.verbose > LOG_INFO)
 		log_info("keyid: %s\n", str);
-	}
 
 	free(pkey);
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] libimaevm: get key description out of verbose condition
  2018-11-30 20:04 [PATCH] libimaevm: get key description out of verbose condition Bruno E. O. Meneguele
@ 2018-11-30 20:12 ` Bruno E. O. Meneguele
  0 siblings, 0 replies; 2+ messages in thread
From: Bruno E. O. Meneguele @ 2018-11-30 20:12 UTC (permalink / raw)
  To: linux-integrity; +Cc: zohar, dmitry.kasatkin

[-- Attachment #1: Type: text/plain, Size: 2504 bytes --]

Ignore this patch, forgot to add "ima-evm-utils" as a prefix in the
subject line. I already sent a new patch with the correction.

Sorry for the noise.

On Fri, Nov 30, 2018 at 06:04:11PM -0200, Bruno E. O. Meneguele wrote:
> Key description in keyring is being filled with memory garbage during import
> process if the LOG_LEVEL is not satisfied (using '-vv').
> 
> Testing in kernels without trusted keyring support, and importing a v1 (RSA) key
> pair, the kernel fails to find the key since it looks for the key description,
> which is not found due to this issue:
> 
>     "digsig: key not found, id: DD0558FEB7DDBD26"
> 
> Looking at:
>     # keyctl show
>     Session Keyring
>      635748007 --alswrv      0     0  keyring: _ses
>      673181018 --alswrv      0 65534   \_ keyring: _uid.0
>      360651479 --alswrv      0     0       \_ keyring: _ima
>      499360916 --alswrv      0     0       |   \_ user: .N=
>      266933436 --alswrv      0     0       |   \_ user: B641632DA94DEE26
> 
> Key id 499360916 and 266933436 are both the same key, but the first was added
> without '-vv' in the command line, while the second one was using it.
> 
> Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
> ---
>  src/libimaevm.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 6fa0ed4..b6f9b9f 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
>  	memcpy(keyid, sha1 + 12, 8);
>  	log_debug("keyid: ");
>  	log_debug_dump(keyid, 8);
> +	id = __be64_to_cpup((__be64 *) keyid);
> +	sprintf(str, "%llX", (unsigned long long)id);
>  
> -	if (params.verbose > LOG_INFO) {
> -		id = __be64_to_cpup((__be64 *) keyid);
> -		sprintf(str, "%llX", (unsigned long long)id);
> +	if (params.verbose > LOG_INFO)
>  		log_info("keyid-v1: %s\n", str);
> -	}
>  }
>  
>  void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
> @@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
>  	memcpy(keyid, sha1 + 16, 4);
>  	log_debug("keyid: ");
>  	log_debug_dump(keyid, 4);
> +	sprintf(str, "%x", __be32_to_cpup(keyid));
>  
> -	if (params.verbose > LOG_INFO) {
> -		sprintf(str, "%x", __be32_to_cpup(keyid));
> +	if (params.verbose > LOG_INFO)
>  		log_info("keyid: %s\n", str);
> -	}
>  
>  	free(pkey);
>  }
> -- 
> 2.19.1
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-11-30 20:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-30 20:04 [PATCH] libimaevm: get key description out of verbose condition Bruno E. O. Meneguele
2018-11-30 20:12 ` Bruno E. O. Meneguele

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.