Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11 2025-11-27T21:50:20+00:00 2025-11-27T21:50:20+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-10-13T15:26:28+00:00 urn:sha1:a0a76e3f8d9a0da679ea721decd26f8951eb2110 strncpy() is deprecated for NUL-terminated destination buffers; use strscpy_pad() instead to retain the NUL-padding behavior of strncpy(). The destination buffer is initialized using kzalloc() with a 'signature' size of ECRYPTFS_PASSWORD_SIG_SIZE + 1. strncpy() then copies up to ECRYPTFS_PASSWORD_SIG_SIZE bytes from 'key_desc', NUL-padding any remaining bytes if needed, but expects the last byte to be zero. strscpy_pad() also copies the source string to 'signature', and NUL-pads the destination buffer if needed, but ensures it's always NUL-terminated without relying on it being zero-initialized. strscpy_pad() automatically determines the size of the fixed-length destination buffer via sizeof() when the optional size argument is omitted, making an explicit size unnecessary. In encrypted_init(), the source string 'key_desc' is validated by valid_ecryptfs_desc() before calling ecryptfs_fill_auth_tok(), and is therefore NUL-terminated and satisfies the __must_be_cstr() requirement of strscpy_pad(). Link: https://github.com/KSPP/linux/issues/90 Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2025-11-27T21:50:20+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-10-11T14:48:24+00:00 urn:sha1:58b46219bfcf1906b795307372b0d50d65115026 The local variables 'size_t datalen' are unsigned and cannot be less than zero. Remove the redundant conditions. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2025-10-04T14:25:35+00:00 Eric Biggers ebiggers@kernel.org 2025-09-15T18:14:43+00:00 urn:sha1:9b8d24a49fe83787208479d51f320cead25e856c Instead of the "sha256" crypto_shash, just use sha256(). Similarly, instead of the "hmac(sha256)" crypto_shash, just use hmac_sha256_usingrawkey(). This is simpler and faster. Signed-off-by: Eric Biggers <ebiggers@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2024-07-01T14:16:54+00:00 Jeff Johnson quic_jjohnson@quicinc.com 2024-06-07T01:47:07+00:00 urn:sha1:84edd7adcc9de7c37d1d5f856601aa159a184c74 During kbuild, with W=1, modpost will warn when a module doesn't have a MODULE_DESCRIPTION(). The encrypted-keys module does not have a MODULE_DESCRIPTION(). But currently, even with an allmodconfig configuration, this module is built-in, and as a result, kbuild does not currently warn about the missing MODULE_DESCRIPTION(). However, just in case it is built as a module in the future, add the missing MODULE_DESCRIPTION() macro invocation. Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2024-01-24T21:11:59+00:00 Mimi Zohar zohar@linux.ibm.com 2024-01-24T19:21:44+00:00 urn:sha1:1ed4b563100230ea68821a2b25a3d9f25388a3e6 This reverts commit b4af096b5df5dd131ab796c79cedc7069d8f4882. New encrypted keys are created either from kernel-generated random numbers or user-provided decrypted data. Revert the change requiring user-provided decrypted data. Reported-by: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2023-11-27T17:44:47+00:00 Chen Ni nichen@iscas.ac.cn 2023-11-08T07:36:27+00:00 urn:sha1:b4af096b5df5dd131ab796c79cedc7069d8f4882 Add check for strsep() in order to transfer the error. Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data") Signed-off-by: Chen Ni <nichen@iscas.ac.cn> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2023-09-15T10:30:43+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-08-22T09:38:49+00:00 urn:sha1:fb3bc06ad85e5b1f1d8616607beca4649c9d75f4 The header file crypto/algapi.h is for internal use only. Use the header file crypto/utils.h instead. Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-10-19T17:01:23+00:00 Nikolaus Voss nikolaus.voss@haag-streit.com 2022-10-19T16:38:20+00:00 urn:sha1:5adedd42245af0860ebda8fe0949f24f5204c1b1 Commit cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data") added key instantiation with user provided decrypted data. The user data is hex-ascii-encoded but was just memcpy'ed to the binary buffer. Fix this to use hex2bin instead. Old keys created from user provided decrypted data saved with "keyctl pipe" are still valid, however if the key is recreated from decrypted data the old key must be converted to the correct format. This can be done with a small shell script, e.g.: BROKENKEY=abcdefABCDEF1234567890aaaaaaaaaa NEWKEY=$(echo -ne $BROKENKEY | xxd -p -c32) keyctl add user masterkey "$(cat masterkey.bin)" @u keyctl add encrypted testkey "new user:masterkey 32 $NEWKEY" @u However, NEWKEY is still broken: If for BROKENKEY 32 bytes were specified, a brute force attacker knowing the key properties would only need to try at most 2^(16*8) keys, as if the key was only 16 bytes long. The security issue is a result of the combination of limiting the input range to hex-ascii and using memcpy() instead of hex2bin(). It could have been fixed either by allowing binary input or using hex2bin() (and doubling the ascii input key length). This patch implements the latter. The corresponding test for the Linux Test Project ltp has also been fixed (see link below). Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data") Cc: stable@kernel.org Link: https://lore.kernel.org/ltp/20221006081709.92303897@mail.steuer-voss.de/ Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2022-02-22T00:47:45+00:00 Yael Tzur yaelt@google.com 2022-02-15T14:19:53+00:00 urn:sha1:cd3bc044af483422cc81a93f23c78c20c978b17c For availability and performance reasons master keys often need to be released outside of a Key Management Service (KMS) to clients. It would be beneficial to provide a mechanism where the wrapping/unwrapping of data encryption keys (DEKs) is not dependent on a remote call at runtime yet security is not (or only minimally) compromised. Master keys could be securely stored in the Kernel and be used to wrap/unwrap keys from Userspace. The encrypted.c class supports instantiation of encrypted keys with either an already-encrypted key material, or by generating new key material based on random numbers. This patch defines a new datablob format: [<format>] <master-key name> <decrypted data length> <decrypted data> that allows to inject and encrypt user-provided decrypted data. The decrypted data must be hex-ascii encoded. Signed-off-by: Yael Tzur <yaelt@google.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2020-11-20T03:45:33+00:00 Eric Biggers ebiggers@google.com 2020-11-13T05:20:21+00:00 urn:sha1:a24d22b225ce158651378869a6b88105c4bdb887 Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>