
Merge tag 'keys-misc-20160708' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

James Morris 9 years ago
parent
commit
e1e5fa9616
4 changed files with 29 additions and 11 deletions
  1. 1 1
      include/keys/rxrpc-type.h
  2. 26 8
      scripts/sign-file.c
  3. 1 1
      security/keys/persistent.c
  4. 1 1
      security/keys/request_key.c

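--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -51,7 +51,7 @@ struct krb5_principal {
 struct krb5_tagged_data {
 	/* for tag value, see /usr/include/krb5/krb5.h
 	 * - KRB5_AUTHDATA_* for auth data
-	 * - 
+	 * -
 	 */
 	s32		tag;
 	u32		data_len;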

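--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -1,6 +1,6 @@
 /* Sign a module file using the given key.
  *
- * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
+ * Copyright © 2014-2016 Red Hat, Inc. All Rights Reserved.
  * Copyright © 2015      Intel Corporation.
  * Copyright © 2016      Hewlett Packard Enterprise Development LP
  *
@@ -167,19 +167,37 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
 
 static X509 *read_x509(const char *x509_name)
 {
+	unsigned char buf[2];
 	X509 *x509;
 	BIO *b;
+	int n;
 
 	b = BIO_new_file(x509_name, "rb");
 	ERR(!b, "%s", x509_name);
-	x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */
-	if (!x509) {
-		ERR(BIO_reset(b) != 1, "%s", x509_name);
-		x509 = PEM_read_bio_X509(b, NULL, NULL,
-					 NULL); /* PEM encoded X.509 */
-		if (x509)
-			drain_openssl_errors();
+
+	/* Look at the first two bytes of the file to determine the encoding */
+	n = BIO_read(b, buf, 2);
+	if (n != 2) {
+		if (BIO_should_retry(b)) {
+			fprintf(stderr, "%s: Read wanted retry\n", x509_name);
+			exit(1);
+		}
+		if (n >= 0) {
+			fprintf(stderr, "%s: Short read\n", x509_name);
+			exit(1);
+		}
+		ERR(1, "%s", x509_name);
 	}
+
+	ERR(BIO_reset(b) != 0, "%s", x509_name);
+
+	if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
+		/* Assume raw DER encoded X.509 */
+		x509 = d2i_X509_bio(b, NULL);
+	else
+		/* Assume PEM encoded X.509 */
+		x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
+
 	BIO_free(b);
 	ERR(!x509, "%s", x509_name);
 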
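Review bot: The format test in read_x509, `buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84`, uses bare magic values, and the comment above the read does not say what they mean or what happens to input that matches neither pattern. I would extend that comment to something like `/* DER: ASN.1 SEQUENCE tag (0x30) then a long-form length of 1-4 octets (0x81-0x84); everything else goes to the PEM parser */`. With this sniffing, a DER object short enough to use a short-form length (under 128 bytes) is handed to PEM_read_bio_X509, and whatever `ERR(!x509, ...)` reports then comes from the guessed parser rather than stating that the encoding was not recognised; that is probably acceptable for real certificates but is worth writing down. read_x509 begins inside the hunk and continues past its last line.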

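--- a/security/keys/persistent.c
+++ b/security/keys/persistent.c
@@ -114,7 +114,7 @@ found:
 		ret = key_link(key_ref_to_ptr(dest_ref), persistent);
 		if (ret == 0) {
 			key_set_timeout(persistent, persistent_keyring_expiry);
-			ret = persistent->serial;		
+			ret = persistent->serial;
 		}
 	}
 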

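--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -442,7 +442,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
 
 	if (ctx->index_key.type == &key_type_keyring)
 		return ERR_PTR(-EPERM);
-	
+
 	user = key_user_lookup(current_fsuid());
 	if (!user)
 		return ERR_PTR(-ENOMEM);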