-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlny8HMACgkQONu9yGCS
aT77eBAAgJeVMbCAfKiW1mtwUJW/OoPTHImt5xYqkrFpkqaDlqX47FkfUMXj2Esu
707Ejvw/+tAbZsvP3dQES8gFzM6arilKaX/EjruFow7Shtj84s5ny7i2iyR/PUmp
87FudvveyUzg7bH0rWHWYLVfUnJaxg3UywGNV5oB4nBQoTL8M6lljpxtL/a0hfF9
A5K9R6CT3mWCAoQyOtOSAg/A7Ax74qPBFW4UTKN4RY5yDEp/RupT9yjH9k5qLeDC
nhGA3JwOZhIFrkb3jkHYsqwvEcqOtcHN/kJ0kPfVx9Sj1Tp4Dk1XK9XWnC0qTGLO
0H4VY57ODEREkpsMoXEmJi5403i5Q61m4MMO1iS6Gj9XnZ/lZCvLSbVVjLSNZsOY
A4eAFPxYMLj6XHRrQK0a4obAhacMljXZxHjnCwgFllDo11TqXtb7Zp/fD75sagoQ
3fNFAS10+N9VyqADdlrir+IRkN9jvnmynj1vTbdlb2KKmU+lpc+iAZ8iptpExfX8
e6ZN+K4Xq0uCEHZkkOB1beh3bNhgIpICBKI2LXTdCFXtklwg5hJvzF4yv2IPleFo
7exiUH326MRxQNg9ltdTJ1BA6FNW29S1oIYTzpblsLsA4Up3O/gI2GH3I35M2/H6
XKAS/HI6XEmaMK1WBWS/pFQGGZ0rGGUPbVfPiXsdR10XDdz7X/M=
=44jV
-----END PGP SIGNATURE-----
Merge 4.9.59 into android-4.9
Changes in 4.9.59
USB: devio: Revert "USB: devio: Don't corrupt user memory"
USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
USB: serial: metro-usb: add MS7820 device id
usb: cdc_acm: Add quirk for Elatec TWN3
usb: quirks: add quirk for WORLDE MINI MIDI keyboard
usb: hub: Allow reset retry for USB2 devices on connect bounce
ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
can: gs_usb: fix busy loop if no more TX context is available
parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
iio: dummy: events: Add missing break
usb: musb: sunxi: Explicitly release USB PHY on exit
usb: musb: Check for host-mode using is_host_active() on reset interrupt
xhci: Identify USB 3.1 capable hosts by their port protocol capability
can: esd_usb2: Fix can_dlc value for received RTR, frames
drm/nouveau/bsp/g92: disable by default
drm/nouveau/mmu: flush tlbs before deleting page tables
ALSA: seq: Enable 'use' locking in all configurations
ALSA: hda: Remove superfluous '-' added by printk conversion
ALSA: hda: Abort capability probe at invalid register read
i2c: ismt: Separate I2C block read from SMBus block read
i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
brcmfmac: Add check for short event packets
brcmsmac: make some local variables 'static const' to reduce stack size
bus: mbus: fix window size calculation for 4GB windows
clockevents/drivers/cs5535: Improve resilience to spurious interrupts
rtlwifi: rtl8821ae: Fix connection lost problem
x86/microcode/intel: Disable late loading on model 79
KEYS: encrypted: fix dereference of NULL user_key_payload
lib/digsig: fix dereference of NULL user_key_payload
KEYS: don't let add_key() update an uninstantiated key
pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
vmbus: fix missing signaling in hv_signal_on_read()
xfs: don't unconditionally clear the reflink flag on zero-block files
xfs: evict CoW fork extents when performing finsert/fcollapse
fs/xfs: Use %pS printk format for direct addresses
xfs: report zeroed or not correctly in xfs_zero_range()
xfs: update i_size after unwritten conversion in dio completion
xfs: perag initialization should only touch m_ag_max_usable for AG 0
xfs: Capture state of the right inode in xfs_iflush_done
xfs: always swap the cow forks when swapping extents
xfs: handle racy AIO in xfs_reflink_end_cow
xfs: Don't log uninitialised fields in inode structures
xfs: move more RT specific code under CONFIG_XFS_RT
xfs: don't change inode mode if ACL update fails
xfs: reinit btree pointer on attr tree inactivation walk
xfs: handle error if xfs_btree_get_bufs fails
xfs: cancel dirty pages on invalidation
xfs: trim writepage mapping to within eof
fscrypt: fix dereference of NULL user_key_payload
KEYS: Fix race between updating and finding a negative key
FS-Cache: fix dereference of NULL user_key_payload
Linux 4.9.59
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 192cabd6a296cbc57b3d8c05c4c89d87fc102506 upstream.
digsig_verify() requests a user key, then accesses its payload.
However, a revoked key has a NULL payload, and we failed to check for
this. request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.
Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.
Fixes: 051dbb918c ("crypto: digital signature verification support")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cherry-picked from upstream-f2fs-stable-linux-4.9.y
Changes include:
commit 30da3a4de9 ("f2fs: hurry up to issue discard after io interruption")
commit d1c363b483 ("f2fs: fix to show correct discard_granularity in sysfs")
...
commit e6b120d4d0 ("f2fs/fscrypt: catch up to v4.12")
commit 4d7931d727 ("KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()")
Signed-off-by: Hyojun Kim <hyojun@google.com>
Currently, if digsig_verify_rsa() detects that the modulo's length is zero,
i.e. mlen == 0, it returns -ENOMEM which doesn't really fit here.
Make digsig_verify_rsa() return -EINVAL upon mlen == 0.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
mpi_read_from_buffer() reads a MPI from a buffer into a newly allocated
MPI instance. It expects the buffer's leading two bytes to contain the
number of bits, followed by the actual payload.
On failure, it returns NULL and updates the in/out argument ret_nread
somewhat inconsistently:
- If the given buffer is too short to contain the leading two bytes
encoding the number of bits or their value is unsupported, then
ret_nread will be cleared.
- If the allocation of the resulting MPI instance fails, ret_nread is left
as is.
The only user of mpi_read_from_buffer(), digsig_verify_rsa(), simply checks
for a return value of NULL and returns -ENOMEM if that happens.
While this is all of cosmetic nature only, there is another error condition
which currently isn't detectable by the caller of mpi_read_from_buffer():
if the given buffer is too small to hold the number of bits as encoded in
its first two bytes, the return value will be non-NULL and *ret_nread > 0.
In preparation of communicating this condition to the caller, let
mpi_read_from_buffer() return error values by means of the ERR_PTR()
mechanism.
Make the sole caller of mpi_read_from_buffer(), digsig_verify_rsa(),
check the return value for IS_ERR() rather than == NULL. If IS_ERR() is
true, return the associated error value rather than the fixed -ENOMEM.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Pull security subsystem updates from James Morris:
"This is basically a maintenance update for the TPM driver and EVM/IMA"
Fix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)
tpm/ibmvtpm: build only when IBM pseries is configured
ima: digital signature verification using asymmetric keys
ima: rename hash calculation functions
ima: use new crypto_shash API instead of old crypto_hash
ima: add policy support for file system uuid
evm: add file system uuid to EVM hmac
tpm_tis: check pnp_acpi_device return code
char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value
char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe
char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute
char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignment
tpm_i2c_stm_st33: removed unused variables/code
TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup
tpm: Fix cancellation of TPM commands (interrupt mode)
tpm: Fix cancellation of TPM commands (polling mode)
tpm: Store TPM vendor ID
TPM: Work around buggy TPMs that block during continue self test
tpm_i2c_stm_st33: fix oops when i2c client is unavailable
char/tpm: Use struct dev_pm_ops for power management
TPM: STMicroelectronics ST33 I2C BUILD STUFF
...
In existing use case, copying of the decoded data is unnecessary in
pkcs_1_v1_5_decode_emsa. It is just enough to get pointer to the message.
Removing copying and extra buffer allocation.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
digsig_verify_rsa() does not free kmalloc'ed buffer returned by
mpi_get_buffer().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error. This is a bug and this patch fixes it.
The bug was introduced in v3.3 by commit b35e286a64 ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mpi_read_from_buffer() return value must not be NULL.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Removed useless 'is_valid' variable in pkcs_1_v1_5_decode_emsa(),
which was inhereted from original code. Client now uses return value
to check for an error.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This patch implements RSA digital signature verification using GnuPG library.
The format of the signature and the public key is defined by their respective
headers. The signature header contains version information, algorithm,
and keyid, which was used to generate the signature.
The key header contains version and algorythim type.
The payload of the signature and the key are multi-precision integers.
The signing and key management utilities evm-utils provide functionality
to generate signatures and load keys into the kernel keyring.
When the key is added to the kernel keyring, the keyid defines the name
of the key.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
