projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d636bd9) | patch
KEYS: encrypted: avoid encrypting/decrypting stack buffers
authorEric Biggers <[email protected]>
Thu, 8 Jun 2017 13:48:10 +0000 (14:48 +0100)
committerJames Morris <[email protected]>
Fri, 9 Jun 2017 03:29:46 +0000 (13:29 +1000)
commite9ff56ac352446f55141aaef1553cee662b2e310
tree73e26cc1d669007442c1fb4c22eec12da2ac77aatree | snapshot
parentd636bd9f12a66ea3775c9fabbf3f8e118253467acommit | diff
KEYS: encrypted: avoid encrypting/decrypting stack buffers

Since v4.9, the crypto API cannot (normally) be used to encrypt/decrypt
stack buffers because the stack may be virtually mapped.  Fix this for
the padding buffers in encrypted-keys by using ZERO_PAGE for the
encryption padding and by allocating a temporary heap buffer for the
decryption padding.

Tested with CONFIG_DEBUG_SG=y:
keyctl new_session
keyctl add user master "abcdefghijklmnop" @s
keyid=$(keyctl add encrypted desc "new user:master 25" @s)
datablob="$(keyctl pipe $keyid)"
keyctl unlink $keyid
keyid=$(keyctl add encrypted desc "load $datablob" @s)
datablob2="$(keyctl pipe $keyid)"
[ "$datablob" = "$datablob2" ] && echo "Success!"

Cc: Andy Lutomirski <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Mimi Zohar <[email protected]>
Cc: [email protected] # 4.9+
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: David Howells <[email protected]>
Signed-off-by: James Morris <[email protected]>
security/keys/encrypted-keys/encrypted.c diff | blob | history
John Crispins staging tree