[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220919072317.E41421357@mail.steuer-voss.de>
Date: Fri, 16 Sep 2022 07:45:29 +0200
From: Nikolaus Voss <nv@...n.de>
To: Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Cc: linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] KEYS: encrypted: fix key instantiation with user-provided
data
Commit cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided
decrypted data") added key instantiation with user provided decrypted data.
The user data is hex-ascii-encoded but was just memcpy'ed to the binary buffer.
Fix this to use hex2bin instead.
Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data")
Cc: stable <stable@...nel.org>
Signed-off-by: Nikolaus Voss <nikolaus.voss@...g-streit.com>
---
security/keys/encrypted-keys/encrypted.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index e05cfc2e49ae..1e313982af02 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -627,7 +627,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");
return ERR_PTR(-EINVAL);
}
- if (strlen(decrypted_data) != decrypted_datalen) {
+ if (strlen(decrypted_data) != decrypted_datalen * 2) {
pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n");
return ERR_PTR(-EINVAL);
}
@@ -791,8 +791,8 @@ static int encrypted_init(struct encrypted_key_payload *epayload,
ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv);
} else if (decrypted_data) {
get_random_bytes(epayload->iv, ivsize);
- memcpy(epayload->decrypted_data, decrypted_data,
- epayload->decrypted_datalen);
+ ret = hex2bin(epayload->decrypted_data, decrypted_data,
+ epayload->decrypted_datalen);
} else {
get_random_bytes(epayload->iv, ivsize);
get_random_bytes(epayload->decrypted_data, epayload->decrypted_datalen);
--
2.34.1
Powered by blists - more mailing lists