1. 07 Apr, 2018 1 commit
    • Masahiro Yamada's avatar
      kbuild: rename *-asn1.[ch] to *.asn1.[ch] · 4fa8bc94
      Masahiro Yamada authored
      Our convention is to distinguish file types by suffixes with a period
      as a separator.
      
      *-asn1.[ch] is a different pattern from other generated sources such
      as *.lex.c, *.tab.[ch], *.dtb.S, etc.  More confusing, files with
      '-asn1.[ch]' are generated files, but '_asn1.[ch]' are checked-in
      files:
        net/netfilter/nf_conntrack_h323_asn1.c
        include/linux/netfilter/nf_conntrack_h323_asn1.h
        include/linux/sunrpc/gss_asn1.h
      
      Rename generated files to *.asn1.[ch] for consistency.
      Signed-off-by: 's avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      4fa8bc94
  2. 29 Nov, 2017 1 commit
    • Eric Biggers's avatar
      crypto: rsa - fix buffer overread when stripping leading zeroes · d2890c37
      Eric Biggers authored
      In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
      enabled, we would read one byte past the end of the buffer while
      scanning the leading zeroes.  Fix it by checking 'n_sz' before '!*ptr'.
      
      This bug was reachable by adding a specially crafted key of type
      "asymmetric" (requires CONFIG_RSA and CONFIG_X509_CERTIFICATE_PARSER).
      
      KASAN report:
      
          BUG: KASAN: slab-out-of-bounds in rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
          Read of size 1 at addr ffff88003501a708 by task keyctl/196
      
          CPU: 1 PID: 196 Comm: keyctl Not tainted 4.14.0-09238-g1d3b78bb #26
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
          Call Trace:
           rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
           asn1_ber_decoder+0x82a/0x1fd0 lib/asn1_decoder.c:328
           rsa_set_pub_key+0xd3/0x320 crypto/rsa.c:278
           crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
           pkcs1pad_set_pub_key+0xae/0x200 crypto/rsa-pkcs1pad.c:117
           crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
           public_key_verify_signature+0x270/0x9d0 crypto/asymmetric_keys/public_key.c:106
           x509_check_for_self_signed+0x2ea/0x480 crypto/asymmetric_keys/x509_public_key.c:141
           x509_cert_parse+0x46a/0x620 crypto/asymmetric_keys/x509_cert_parser.c:129
           x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
           asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
           key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
           SYSC_add_key security/keys/keyctl.c:122 [inline]
           SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
           entry_SYSCALL_64_fastpath+0x1f/0x96
      
          Allocated by task 196:
           __do_kmalloc mm/slab.c:3711 [inline]
           __kmalloc_track_caller+0x118/0x2e0 mm/slab.c:3726
           kmemdup+0x17/0x40 mm/util.c:118
           kmemdup ./include/linux/string.h:414 [inline]
           x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106
           x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
           asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
           key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
           SYSC_add_key security/keys/keyctl.c:122 [inline]
           SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
           entry_SYSCALL_64_fastpath+0x1f/0x96
      
      Fixes: 5a7de973 ("crypto: rsa - return raw integers for the ASN.1 parser")
      Cc: <stable@vger.kernel.org> # v4.8+
      Cc: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
      Signed-off-by: 's avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: 's avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: 's avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      d2890c37
  3. 24 Aug, 2016 1 commit
    • Stephan Mueller's avatar
      crypto: rsa - allow keys >= 2048 bits in FIPS mode · e09287df
      Stephan Mueller authored
      With a public notification, NIST now allows the use of RSA keys with a
      modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
      provided that either 2048 or 3072 bits are supported at least so that
      the entire RSA implementation can be CAVS tested.
      
      This patch fixes the inability to boot the kernel in FIPS mode, because
      certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
      the RSA signature verification to fail in FIPS mode without the patch
      below.
      Signed-off-by: 's avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      e09287df
  4. 05 Jul, 2016 1 commit
  5. 15 Jun, 2016 1 commit
  6. 14 Oct, 2015 1 commit
  7. 21 Jul, 2015 1 commit
  8. 17 Jun, 2015 1 commit