lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Aug 2016 21:48:07 +0200
From:	Kirill Marinushkin <k.marinushkin@...il.com>
To:	dhowells@...hat.com
Cc:	k.marinushkin@...il.com, zer0mem@...oo.com,
	gregkh@...uxfoundation.org, serge@...lyn.com,
	james.l.morris@...cle.com, keyrings@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: RE: [RFC][PATCH] KEYS: Sort out big_key initialisation

> The attached patch *might* fix the problem that's being seen.  It certainly
> fixes the init problem.

I tested that the patch suggested in the original RFC works and really fixes
the issue.

The issue reproduses always with the reporter's configuration.
After applying the patch suggested in the original RFC, big_key returns error
code instead of crashing.
Tested with:
  method suggested in the original report;
  method suggested in the original RFC;
  some other tests.

Additionally below is a fix for dependency.
After applying this patch big_key is created and read successfully.
---
commit 69ed34b303f87a1a53470dd37149ac1573d79da2
Author: Kirill Marinushkin <k.marinushkin@...il.com>
Date: Mon, 8 Aug 2016 23:19:32 +0200

KEYS: fix big_key dependency

Signed-off-by: Kirill Marinushkin <k.marinushkin@...il.com>
cc: David Howells <dhowells@...hat.com>
cc: Peter Hlavaty <zer0mem@...oo.com>
cc: Greg KH <gregkh@...uxfoundation.org>
cc: stable@...r.kernel.org
---
 security/keys/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index f826e87..8213221 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -44,7 +44,7 @@ config BIG_KEYS
 	select CRYPTO
 	select CRYPTO_AES
 	select CRYPTO_ECB
-	select CRYPTO_RNG
+	select CRYPTO_ANSI_CPRNG
 	help
 	  This option provides support for holding large keys within the kernel
 	  (for example Kerberos ticket caches).  The data may be stored out to
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ