KEYS: fix "ca_keys=" partial key matching
The call to asymmetric_key_hex_to_key_id() from ca_keys_setup()
silently fails with -ENOMEM. Instead of dynamically allocating
memory from a __setup function, this patch defines a variable
and calls __asymmetric_key_hex_to_key_id(), a new helper function,
directly.
Changelog:
- for clarification, rename hexlen to asciihexlen in
asymmetric_key_hex_to_key_id()
- add size argument to __asymmetric_key_hex_to_key_id() - David Howells
- inline __asymmetric_key_hex_to_key_id() - David Howells
Cc: <stable@vger.kernel.org> # 3.18+
Fixes: 46963b7 ("KEYS: Overhaul key identification when searching for asymmetric keys")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
index f973308..3f5b537 100644
--- a/crypto/asymmetric_keys/asymmetric_keys.h
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -11,6 +11,9 @@
extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);
+extern int __asymmetric_key_hex_to_key_id(const char *id,
+ struct asymmetric_key_id *match_id,
+ size_t hexlen);
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index bcbbbd7..b0e4ed2 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -104,6 +104,15 @@
return false;
}
+/* helper function can be called directly with pre-allocated memory */
+inline int __asymmetric_key_hex_to_key_id(const char *id,
+ struct asymmetric_key_id *match_id,
+ size_t hexlen)
+{
+ match_id->len = hexlen;
+ return hex2bin(match_id->data, id, hexlen);
+}
+
/**
* asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
* @id: The ID as a hex string.
@@ -111,21 +120,20 @@
struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
{
struct asymmetric_key_id *match_id;
- size_t hexlen;
+ size_t asciihexlen;
int ret;
if (!*id)
return ERR_PTR(-EINVAL);
- hexlen = strlen(id);
- if (hexlen & 1)
+ asciihexlen = strlen(id);
+ if (asciihexlen & 1)
return ERR_PTR(-EINVAL);
- match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
+ match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
GFP_KERNEL);
if (!match_id)
return ERR_PTR(-ENOMEM);
- match_id->len = hexlen / 2;
- ret = hex2bin(match_id->data, id, hexlen / 2);
+ ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
if (ret < 0) {
kfree(match_id);
return ERR_PTR(-EINVAL);
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index a6c4203..7e9521e 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -25,20 +25,38 @@
#include "x509_parser.h"
static bool use_builtin_keys;
+
+static struct {
+ struct asymmetric_key_id id;
+ unsigned char data[10];
+} cakey;
static struct asymmetric_key_id *ca_keyid;
-#ifndef MODULE
static int __init ca_keys_setup(char *str)
{
if (!str) /* default system keyring */
return 1;
if (strncmp(str, "id:", 3) == 0) {
- struct asymmetric_key_id *p;
- p = asymmetric_key_hex_to_key_id(str + 3);
- if (p == ERR_PTR(-EINVAL))
+ struct asymmetric_key_id *p = &cakey.id;
+ size_t hexlen;
+ int ret;
+
+ if (strlen(str) == 3) {
+ pr_err("Missing ca_keys id");
+ return 1;
+ }
+
+ hexlen = (strlen(str) - 3) / 2;
+ if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
+ pr_err("Invalid ca_keys length\n");
+ return 1;
+ }
+
+ ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
+ if (ret < 0)
pr_err("Unparsable hex string in ca_keys\n");
- else if (!IS_ERR(p))
+ else
ca_keyid = p; /* owner key 'id:xxxxxx' */
} else if (strcmp(str, "builtin") == 0) {
use_builtin_keys = true;
@@ -47,7 +65,6 @@
return 1;
}
__setup("ca_keys=", ca_keys_setup);
-#endif
/**
* x509_request_asymmetric_key - Request a key by X.509 certificate params.
