From: <gregkh@linuxfoundation.org>
To: asavkov@redhat.com, dhowells@redhat.com,
gregkh@linuxfoundation.org, james.l.morris@oracle.com,
k.marinushkin@gmail.com, smueller@chronox.de
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "security/keys: make BIG_KEYS dependent on stdrng." has been added to the 4.8-stable tree
Date: Mon, 07 Nov 2016 17:24:25 +0100 [thread overview]
Message-ID: <1478535865115161@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
security/keys: make BIG_KEYS dependent on stdrng.
to the 4.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
security-keys-make-big_keys-dependent-on-stdrng.patch
and it can be found in the queue-4.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 Mon Sep 17 00:00:00 2001
From: Artem Savkov <asavkov@redhat.com>
Date: Wed, 26 Oct 2016 15:02:09 +0100
Subject: security/keys: make BIG_KEYS dependent on stdrng.
From: Artem Savkov <asavkov@redhat.com>
commit 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 upstream.
Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"
providers to be compiled into kernel. Otherwise big_key_crypto_init() fails
on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in
big_key_preparse()) results in a NULL pointer dereference.
Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys stored encrypted')
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Kirill Marinushkin <k.marinushkin@gmail.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/keys/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -41,7 +41,7 @@ config BIG_KEYS
bool "Large payload keys"
depends on KEYS
depends on TMPFS
- select CRYPTO
+ depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
select CRYPTO_AES
select CRYPTO_ECB
select CRYPTO_RNG
Patches currently in stable-queue which might be from asavkov@redhat.com are
queue-4.8/security-keys-make-big_keys-dependent-on-stdrng.patch
queue-4.8/keys-sort-out-big_key-initialisation.patch
reply other threads:[~2016-11-07 16:26 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1478535865115161@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=asavkov@redhat.com \
--cc=dhowells@redhat.com \
--cc=james.l.morris@oracle.com \
--cc=k.marinushkin@gmail.com \
--cc=smueller@chronox.de \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).