[GIT PULL] KEYS fixes

[GIT PULL] KEYS fixes

[James Morris]

Please pull these fixes for the keys code.

>From David Howells:

" Here are three miscellaneous fixes:

 (1) Fix a panic in some debugging code in PKCS#7.  This can only happen 
     by explicitly inserting a #define DEBUG into the code.

 (2) Fix the calculation of the digest length in the PE file parser.  This
     causes a failure where there should be a success.

 (3) Fix the case where an X.509 cert can be added as an asymmetric key to
     a trusted keyring with no trust restriction if no AKID is supplied.

  Bugs (1) and (2) aren't particularly problematic, but (3) allows a 
  security check to be bypassed.  Bug (3) is added since the 4.6 kernel. "



The following changes since commit 47ef4ad2684d380dd6d596140fb79395115c3950:

  Merge tag 'for-linus-20160715' of git://git.infradead.org/linux-mtd (2016-07-16 09:53:34 +0900)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Lans Zhang (2):
      PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
      pefile: Fix the failure of calculation for digest

Mat Martineau (1):
      KEYS: Fix for erroneous trust of incorrectly signed X.509 certs

 crypto/asymmetric_keys/mscode_parser.c |    7 ++++++-
 crypto/asymmetric_keys/pkcs7_verify.c  |    2 +-
 crypto/asymmetric_keys/restrict.c      |    2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

[GIT PULL] Keys fixes

[James Morris]

Please pull these fixes from David Howells:


 (1) Fix a buffer overflow when displaying /proc/keys [CVE-2016-7042].

 (2) Fix broken initialisation in the big_key implementation that can
     result in an oops.

 (3) Make big_key depend on having a random number generator available in
     Kconfig.

---

The following changes since commit 9fe68cad6e74967b88d0c6aeca7d9cd6b6e91942:

  Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 (2016-10-24 21:34:13 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Artem Savkov (1):
      security/keys: make BIG_KEYS dependent on stdrng.

David Howells (2):
      KEYS: Fix short sprintf buffer in /proc/keys show function
      KEYS: Sort out big_key initialisation

 security/keys/Kconfig   |    2 +-
 security/keys/big_key.c |   59 +++++++++++++++++++++++++---------------------
 security/keys/proc.c    |    2 +-
 3 files changed, 34 insertions(+), 29 deletions(-)

[GIT PULL] Keys fixes

[James Morris]

Please pull these fixes for the keys code.

>From David:

" (1) Fix mpi_powm()'s handling of a number with a zero exponent 
[CVE-2016-8650].

 (2) Fix double free in X.509 error handling.

Ver #3:

 - Integrate my and Andrey's patches for mpi_powm() and use mpi_resize()
   instead of RESIZE_IF_NEEDED() - the latter adds a duplicate check into
   the execution path of a trivial case we don't normally expect to be
   taken.

Ver #2:

 - Use RESIZE_IF_NEEDED() to conditionally resize the result rather than
   manually doing this. "


The following changes since commit 16ae16c6e5616c084168740990fc508bda6655d4:

  Merge tag 'mmc-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2016-11-24 10:51:18 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Andrey Ryabinin (2):
      X.509: Fix double free in x509_cert_parse() [ver #3]
      mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

 crypto/asymmetric_keys/x509_cert_parser.c |    1 -
 lib/mpi/mpi-pow.c                         |    7 ++++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

[GIT PULL] KEYS: Fixes

[David Howells]

Hi James,

Can you pull this collection of fixes for Linux keyrings and pass them along
to Linus.  They include:

 (1) Fix a bunch of places where kernel drivers may access revoked user-type
     keys and don't do it correctly.

 (2) Fix some ecryptfs bits.

 (3) Fix big_key to require CONFIG_CRYPTO.

 (4) Fix a couple of bugs in the asymmetric key type.

 (5) Fix a race between updating and finding negative keys.

 (6) Prevent add_key() from updating uninstantiated keys.

 (7) Make loading of key flags and expiry time atomic when not holding locks.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

Tagged thusly:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	keys-fixes-20171017

Thanks,
David
---
The following changes since commit 9e66317d3c92ddaab330c125dfe9d06eee268aff:

  Linux 4.14-rc3 (2017-10-01 14:54:54 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20171017

for you to fetch changes up to 3580759723c16ec68e71fd1269909f56d2a4866a:

  pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. (2017-10-17 23:25:35 +0100)

----------------------------------------------------------------
Keyrings fixes

----------------------------------------------------------------
Arnd Bergmann (1):
      security/keys: BIG_KEY requires CONFIG_CRYPTO

Chun-Yi Lee (2):
      KEYS: Fix the wrong index when checking the existence of second id
      KEYS: checking the input id parameters before finding asymmetric key

David Howells (2):
      KEYS: Fix race between updating and finding a negative key
      KEYS: don't let add_key() update an uninstantiated key

Eric Biggers (10):
      KEYS: encrypted: fix dereference of NULL user_key_payload
      FS-Cache: fix dereference of NULL user_key_payload
      lib/digsig: fix dereference of NULL user_key_payload
      fscrypt: fix dereference of NULL user_key_payload
      ecryptfs: fix dereference of NULL user_key_payload
      ecryptfs: fix out-of-bounds read of key payload
      ecryptfs: move key payload accessor functions into keystore.c
      KEYS: load key flags and expiry time atomically in key_validate()
      KEYS: Load key expiry time atomically in keyring_search_iterator()
      KEYS: load key flags and expiry time atomically in proc_keys_show()

Eric Sesterhenn (1):
      pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.

 crypto/asymmetric_keys/asymmetric_type.c |  4 +-
 crypto/asymmetric_keys/pkcs7_parser.c    |  3 ++
 fs/crypto/keyinfo.c                      |  5 +++
 fs/ecryptfs/ecryptfs_kernel.h            | 44 -------------------
 fs/ecryptfs/keystore.c                   | 73 +++++++++++++++++++++++++++++++-
 fs/fscache/object-list.c                 |  7 +++
 include/linux/key.h                      | 47 ++++++++++++--------
 lib/digsig.c                             |  6 +++
 net/dns_resolver/dns_key.c               |  2 +-
 security/keys/Kconfig                    |  1 +
 security/keys/big_key.c                  |  4 +-
 security/keys/encrypted-keys/encrypted.c |  9 +++-
 security/keys/gc.c                       |  8 ++--
 security/keys/key.c                      | 41 +++++++++++++-----
 security/keys/keyctl.c                   |  9 ++--
 security/keys/keyring.c                  | 14 +++---
 security/keys/permission.c               |  7 +--
 security/keys/proc.c                     | 31 ++++++++------
 security/keys/process_keys.c             |  2 +-
 security/keys/request_key.c              |  7 ++-
 security/keys/request_key_auth.c         |  2 +-
 security/keys/trusted.c                  |  2 +-
 security/keys/user_defined.c             |  4 +-
 23 files changed, 215 insertions(+), 117 deletions(-)

Re: [GIT PULL] KEYS: Fixes

[Eric Biggers]

+Cc tyhicks@canonical.com

Hi David,

On Tue, Oct 17, 2017 at 11:57:33PM +0100, David Howells wrote:
> 
>  (2) Fix some ecryptfs bits.

Sorry for the late notice, but just looking at it again I think the patch
"ecryptfs: fix out-of-bounds read of key payload" is broken because the
->private_key is of variable-length.  See
ecryptfs_add_key_module_key_to_keyring() in ecryptfs-utils.

So can you please drop the following two patches:

	ecryptfs: fix out-of-bounds read of key payload
	ecryptfs: move key payload accessor functions into keystore.c

I'll fix them and try to get Tyler Hicks to take them through the ecryptfs tree
later instead.

Eric

[GIT PULL] KEYS: Fixes

[David Howells]

Hi James,

Can you pull this collection of fixes for Linux keyrings and pass them along
to Linus.  They include:

 (1) Fix a bunch of places where kernel drivers may access revoked user-type
     keys and don't do it correctly.

 (2) Fix some ecryptfs bits.

 (3) Fix big_key to require CONFIG_CRYPTO.

 (4) Fix a couple of bugs in the asymmetric key type.

 (5) Fix a race between updating and finding negative keys.

 (6) Prevent add_key() from updating uninstantiated keys.

 (7) Make loading of key flags and expiry time atomic when not holding locks.

Note that I've removed the two patches that Eric asked me to.

Thanks,
David
---
The following changes since commit 9e66317d3c92ddaab330c125dfe9d06eee268aff:

  Linux 4.14-rc3 (2017-10-01 14:54:54 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20171018

for you to fetch changes up to 68a1fdbbf8bd3378325e45c19e167a165f9ffc3a:

  pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. (2017-10-18 09:12:41 +0100)

----------------------------------------------------------------
Keyrings fixes

----------------------------------------------------------------
Arnd Bergmann (1):
      security/keys: BIG_KEY requires CONFIG_CRYPTO

Chun-Yi Lee (2):
      KEYS: Fix the wrong index when checking the existence of second id
      KEYS: checking the input id parameters before finding asymmetric key

David Howells (2):
      KEYS: Fix race between updating and finding a negative key
      KEYS: don't let add_key() update an uninstantiated key

Eric Biggers (8):
      KEYS: encrypted: fix dereference of NULL user_key_payload
      FS-Cache: fix dereference of NULL user_key_payload
      lib/digsig: fix dereference of NULL user_key_payload
      fscrypt: fix dereference of NULL user_key_payload
      ecryptfs: fix dereference of NULL user_key_payload
      KEYS: load key flags and expiry time atomically in key_validate()
      KEYS: Load key expiry time atomically in keyring_search_iterator()
      KEYS: load key flags and expiry time atomically in proc_keys_show()

Eric Sesterhenn (1):
      pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.

 crypto/asymmetric_keys/asymmetric_type.c |  4 ++-
 crypto/asymmetric_keys/pkcs7_parser.c    |  3 ++
 fs/crypto/keyinfo.c                      |  5 ++++
 fs/ecryptfs/ecryptfs_kernel.h            | 24 +++++++++++-----
 fs/ecryptfs/keystore.c                   |  9 +++++-
 fs/fscache/object-list.c                 |  7 +++++
 include/linux/key.h                      | 47 ++++++++++++++++++++------------
 lib/digsig.c                             |  6 ++++
 net/dns_resolver/dns_key.c               |  2 +-
 security/keys/Kconfig                    |  1 +
 security/keys/big_key.c                  |  4 +--
 security/keys/encrypted-keys/encrypted.c |  9 +++++-
 security/keys/gc.c                       |  8 +++---
 security/keys/key.c                      | 41 ++++++++++++++++++++--------
 security/keys/keyctl.c                   |  9 +++---
 security/keys/keyring.c                  | 14 ++++++----
 security/keys/permission.c               |  7 +++--
 security/keys/proc.c                     | 31 +++++++++++++--------
 security/keys/process_keys.c             |  2 +-
 security/keys/request_key.c              |  7 ++---
 security/keys/request_key_auth.c         |  2 +-
 security/keys/trusted.c                  |  2 +-
 security/keys/user_defined.c             |  4 +--
 23 files changed, 168 insertions(+), 80 deletions(-)