Eric Lee / smarc-fsl-linux-kernel

31 May, 2019

1 commit

  • 2874c5fd2   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 3029 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

07 Apr, 2018

1 commit

  • 4fa8bc949   kbuild: rename *-asn1.[ch] to *.asn1.[ch] ... Browse Code »

    Our convention is to distinguish file types by suffixes with a period
    as a separator.

    *-asn1.[ch] is a different pattern from other generated sources such
    as *.lex.c, *.tab.[ch], *.dtb.S, etc. More confusing, files with
    '-asn1.[ch]' are generated files, but '_asn1.[ch]' are checked-in
    files:
    net/netfilter/nf_conntrack_h323_asn1.c
    include/linux/netfilter/nf_conntrack_h323_asn1.h
    include/linux/sunrpc/gss_asn1.h

    Rename generated files to *.asn1.[ch] for consistency.

    Signed-off-by: Masahiro Yamada

    Masahiro Yamada
     

29 Nov, 2017

1 commit

  • d2890c377   crypto: rsa - fix buffer overread when stripping leading zeroes ... Browse Code »

    In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
    enabled, we would read one byte past the end of the buffer while
    scanning the leading zeroes. Fix it by checking 'n_sz' before '!*ptr'.

    This bug was reachable by adding a specially crafted key of type
    "asymmetric" (requires CONFIG_RSA and CONFIG_X509_CERTIFICATE_PARSER).

    KASAN report:

    BUG: KASAN: slab-out-of-bounds in rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
    Read of size 1 at addr ffff88003501a708 by task keyctl/196

    CPU: 1 PID: 196 Comm: keyctl Not tainted 4.14.0-09238-g1d3b78bbc6e9 #26
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
    Call Trace:
    rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
    asn1_ber_decoder+0x82a/0x1fd0 lib/asn1_decoder.c:328
    rsa_set_pub_key+0xd3/0x320 crypto/rsa.c:278
    crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
    pkcs1pad_set_pub_key+0xae/0x200 crypto/rsa-pkcs1pad.c:117
    crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
    public_key_verify_signature+0x270/0x9d0 crypto/asymmetric_keys/public_key.c:106
    x509_check_for_self_signed+0x2ea/0x480 crypto/asymmetric_keys/x509_public_key.c:141
    x509_cert_parse+0x46a/0x620 crypto/asymmetric_keys/x509_cert_parser.c:129
    x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
    asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
    key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
    SYSC_add_key security/keys/keyctl.c:122 [inline]
    SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
    entry_SYSCALL_64_fastpath+0x1f/0x96

    Allocated by task 196:
    __do_kmalloc mm/slab.c:3711 [inline]
    __kmalloc_track_caller+0x118/0x2e0 mm/slab.c:3726
    kmemdup+0x17/0x40 mm/util.c:118
    kmemdup ./include/linux/string.h:414 [inline]
    x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106
    x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
    asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
    key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
    SYSC_add_key security/keys/keyctl.c:122 [inline]
    SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
    entry_SYSCALL_64_fastpath+0x1f/0x96

    Fixes: 5a7de97309f5 ("crypto: rsa - return raw integers for the ASN.1 parser")
    Cc: # v4.8+
    Cc: Tudor Ambarus
    Signed-off-by: Eric Biggers
    Reviewed-by: James Morris
    Reviewed-by: David Howells
    Signed-off-by: Herbert Xu

    Eric Biggers
     

24 Aug, 2016

1 commit

  • e09287dfe   crypto: rsa - allow keys >= 2048 bits in FIPS mode ... Browse Code »

    With a public notification, NIST now allows the use of RSA keys with a
    modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
    provided that either 2048 or 3072 bits are supported at least so that
    the entire RSA implementation can be CAVS tested.

    This patch fixes the inability to boot the kernel in FIPS mode, because
    certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
    the RSA signature verification to fail in FIPS mode without the patch
    below.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

05 Jul, 2016

1 commit

15 Jun, 2016

1 commit

  • 5a7de9730   crypto: rsa - return raw integers for the ASN.1 parser ... Browse Code »

    Return the raw key with no other processing so that the caller
    can copy it or MPI parse it, etc.

    The scope is to have only one ANS.1 parser for all RSA
    implementations.

    Update the RSA software implementation so that it does
    the MPI conversion on top.

    Signed-off-by: Tudor Ambarus
    Signed-off-by: Herbert Xu

    Tudor Ambarus
     

14 Oct, 2015

1 commit

  • 22287b0b5   crypto: akcipher - Changes to asymmetric key API ... Browse Code »

    Setkey function has been split into set_priv_key and set_pub_key.
    Akcipher requests takes sgl for src and dst instead of void *.
    Users of the API i.e. two existing RSA implementation and
    test mgr code have been updated accordingly.

    Signed-off-by: Tadeusz Struk
    Signed-off-by: Herbert Xu

    Tadeusz Struk
     

21 Jul, 2015

1 commit

17 Jun, 2015

1 commit