Loading crypto/asymmetric_keys/asymmetric_type.c +3 −1 Original line number Diff line number Diff line Loading @@ -57,6 +57,8 @@ struct key *find_asymmetric_key(struct key *keyring, char *req, *p; int len; BUG_ON(!id_0 && !id_1); if (id_0) { lookup = id_0->data; len = id_0->len; Loading Loading @@ -105,7 +107,7 @@ struct key *find_asymmetric_key(struct key *keyring, if (id_0 && id_1) { const struct asymmetric_key_ids *kids = asymmetric_key_ids(key); if (!kids->id[0]) { if (!kids->id[1]) { pr_debug("First ID matches, but second is missing\n"); goto reject; } Loading crypto/asymmetric_keys/pkcs7_parser.c +3 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,9 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) bool want = false; sinfo = msg->signed_infos; if (!sinfo) goto inconsistent; if (sinfo->authattrs) { want = true; msg->have_authattrs = true; Loading fs/crypto/keyinfo.c +5 −0 Original line number Diff line number Diff line Loading @@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info, goto out; } ukp = user_key_payload_locked(keyring_key); if (!ukp) { /* key was revoked before we acquired its semaphore */ res = -EKEYREVOKED; goto out; } if (ukp->datalen != sizeof(struct fscrypt_key)) { res = -EINVAL; goto out; Loading fs/ecryptfs/ecryptfs_kernel.h +17 −7 Original line number Diff line number Diff line Loading 
@@ -84,11 +84,16 @@ struct ecryptfs_page_crypt_context { static inline struct ecryptfs_auth_tok * ecryptfs_get_encrypted_key_payload_data(struct key *key) { if (key->type == &key_type_encrypted) return (struct ecryptfs_auth_tok *) (&((struct encrypted_key_payload *)key->payload.data[0])->payload_data); else struct encrypted_key_payload *payload; if (key->type != &key_type_encrypted) return NULL; payload = key->payload.data[0]; if (!payload) return ERR_PTR(-EKEYREVOKED); return (struct ecryptfs_auth_tok *)payload->payload_data; } static inline struct key *ecryptfs_get_encrypted_key(char *sig) Loading @@ -114,12 +119,17 @@ static inline struct ecryptfs_auth_tok * ecryptfs_get_key_payload_data(struct key *key) { struct ecryptfs_auth_tok *auth_tok; struct user_key_payload *ukp; auth_tok = ecryptfs_get_encrypted_key_payload_data(key); if (!auth_tok) return (struct ecryptfs_auth_tok *)user_key_payload_locked(key)->data; else if (auth_tok) return auth_tok; ukp = user_key_payload_locked(key); if (!ukp) return ERR_PTR(-EKEYREVOKED); return (struct ecryptfs_auth_tok *)ukp->data; } #define ECRYPTFS_MAX_KEYSET_SIZE 1024 Loading fs/ecryptfs/keystore.c +8 −1 Original line number Diff line number Diff line Loading @@ -459,7 +459,8 @@ static int ecryptfs_verify_version(u16 version) * @auth_tok_key: key containing the authentication token * @auth_tok: authentication token * * Returns zero on valid auth tok; -EINVAL otherwise * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or * -EKEYREVOKED if the key was revoked before we acquired its semaphore. */ static int ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, Loading 
@@ -468,6 +469,12 @@ ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, int rc = 0; (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key); if (IS_ERR(*auth_tok)) { rc = PTR_ERR(*auth_tok); *auth_tok = NULL; goto out; } if (ecryptfs_verify_version((*auth_tok)->version)) { printk(KERN_ERR "Data structure version mismatch. Userspace " "tools must match eCryptfs kernel module with major " Loading Loading
crypto/asymmetric_keys/asymmetric_type.c +3 −1 Original line number Diff line number Diff line Loading @@ -57,6 +57,8 @@ struct key *find_asymmetric_key(struct key *keyring, char *req, *p; int len; BUG_ON(!id_0 && !id_1); if (id_0) { lookup = id_0->data; len = id_0->len; Loading Loading @@ -105,7 +107,7 @@ struct key *find_asymmetric_key(struct key *keyring, if (id_0 && id_1) { const struct asymmetric_key_ids *kids = asymmetric_key_ids(key); if (!kids->id[0]) { if (!kids->id[1]) { pr_debug("First ID matches, but second is missing\n"); goto reject; } Loading
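Review bot: The `BUG_ON(!id_0 && !id_1);` added at the top of find_asymmetric_key() turns a bad argument into a kernel crash instead of a failed lookup. If either ID is derived from parsed certificate or signature data (the callers are not visible here), a malformed input that leaves both NULL would halt the machine rather than be rejected. A recoverable guard would be safer, e.g. `if (WARN_ON(!id_0 && !id_1)) return ERR_PTR(-EINVAL);`, assuming callers already handle an ERR_PTR return from this function. The function body starts and ends outside the hunk.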
crypto/asymmetric_keys/pkcs7_parser.c +3 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,9 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) bool want = false; sinfo = msg->signed_infos; if (!sinfo) goto inconsistent; if (sinfo->authattrs) { want = true; msg->have_authattrs = true; Loading
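Review bot: The new `if (!sinfo) goto inconsistent;` reuses an exit path whose name suggests it was written for mismatched authenticated attributes. A message with no SignerInfo at all is therefore presumably reported with the same diagnostic as an authattrs inconsistency, though the label's body is outside the hunk. A short comment would make the intent explicit, e.g. `/* no SignerInfo present: nothing to verify, reject the message */`. A dedicated message or label would also make this rejection easier to tell apart in logs. pkcs7_check_authattrs() starts and ends outside the hunk.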
fs/crypto/keyinfo.c +5 −0 Original line number Diff line number Diff line Loading @@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info, goto out; } ukp = user_key_payload_locked(keyring_key); if (!ukp) { /* key was revoked before we acquired its semaphore */ res = -EKEYREVOKED; goto out; } if (ukp->datalen != sizeof(struct fscrypt_key)) { res = -EINVAL; goto out; Loading
fs/ecryptfs/ecryptfs_kernel.h +17 −7 Original line number Diff line number Diff line Loading @@ -84,11 +84,16 @@ struct ecryptfs_page_crypt_context { static inline struct ecryptfs_auth_tok * ecryptfs_get_encrypted_key_payload_data(struct key *key) { if (key->type == &key_type_encrypted) return (struct ecryptfs_auth_tok *) (&((struct encrypted_key_payload *)key->payload.data[0])->payload_data); else struct encrypted_key_payload *payload; if (key->type != &key_type_encrypted) return NULL; payload = key->payload.data[0]; if (!payload) return ERR_PTR(-EKEYREVOKED); return (struct ecryptfs_auth_tok *)payload->payload_data; } static inline struct key *ecryptfs_get_encrypted_key(char *sig) Loading @@ -114,12 +119,17 @@ static inline struct ecryptfs_auth_tok * ecryptfs_get_key_payload_data(struct key *key) { struct ecryptfs_auth_tok *auth_tok; struct user_key_payload *ukp; auth_tok = ecryptfs_get_encrypted_key_payload_data(key); if (!auth_tok) return (struct ecryptfs_auth_tok *)user_key_payload_locked(key)->data; else if (auth_tok) return auth_tok; ukp = user_key_payload_locked(key); if (!ukp) return ERR_PTR(-EKEYREVOKED); return (struct ecryptfs_auth_tok *)ukp->data; } #define ECRYPTFS_MAX_KEYSET_SIZE 1024 Loading
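Review bot: ecryptfs_get_encrypted_key_payload_data() now has three distinct results (NULL for a key that is not of type encrypted, `ERR_PTR(-EKEYREVOKED)` for a missing payload, and a valid pointer), and nothing at the definition documents this. A caller that only tests for NULL would treat the error pointer as a token and dereference it. ecryptfs_get_key_payload_data() in the second hunk passes the error through correctly only because `if (auth_tok)` is also true for an ERR_PTR. I would add a kernel-doc comment above both helpers stating the return contract and that callers must test the result with IS_ERR(). Any remaining callers are outside this section and should be checked for NULL-only tests.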
fs/ecryptfs/keystore.c +8 −1 Original line number Diff line number Diff line Loading @@ -459,7 +459,8 @@ static int ecryptfs_verify_version(u16 version) * @auth_tok_key: key containing the authentication token * @auth_tok: authentication token * * Returns zero on valid auth tok; -EINVAL otherwise * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or * -EKEYREVOKED if the key was revoked before we acquired its semaphore. */ static int ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, Loading @@ -468,6 +469,12 @@ ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, int rc = 0; (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key); if (IS_ERR(*auth_tok)) { rc = PTR_ERR(*auth_tok); *auth_tok = NULL; goto out; } if (ecryptfs_verify_version((*auth_tok)->version)) { printk(KERN_ERR "Data structure version mismatch. Userspace " "tools must match eCryptfs kernel module with major " Loading
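Review bot: After the new IS_ERR() check, `(*auth_tok)->version` is read from a payload whose length is not compared with `sizeof(struct ecryptfs_auth_tok)` anywhere in the visible code. For a user-type key the returned pointer is simply `ukp->data` cast to the token struct. If no earlier length validation exists (not visible here), a key with a short payload would be read past its end. The length is only available in ecryptfs_get_key_payload_data(), so the check belongs there, e.g. `if (ukp->datalen < sizeof(struct ecryptfs_auth_tok)) return ERR_PTR(-EINVAL);`, and this function already propagates that error. ecryptfs_verify_auth_tok_from_key() continues outside the hunk.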