Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2202960rwb; Mon, 19 Sep 2022 00:58:47 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7GJ/EZfEVs9FpwWrsi/l0GR5sVPtohUe08avJ/sbe6ALqjwUrgAaB3tXz4H2Kle865UA+6 X-Received: by 2002:a05:6a00:804:b0:544:4e98:3ff3 with SMTP id m4-20020a056a00080400b005444e983ff3mr17269105pfk.36.1663574327465; Mon, 19 Sep 2022 00:58:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663574327; cv=none; d=google.com; s=arc-20160816; b=rF5A6n29mWlgwHGZuJNhbEa4JQ2FlyVNIsgdexZzqJuRtRusRVHX2InAVAeBzYqF+k YtXhIaLmUQC/qytmRLjx7MswjIUIONCVUWpXW4W8r3/nxL2Lor3twLrMRqejocJqbnlS JMSZ5Pf8ugdYde17YubZnDjy1W5i2BblgYghIkKn+iqJw1wJreRdc2OvsiALgxsWJum9 lNyYbAqOyt2/XB9rFf1cpEcVo0oPyFbJMltdPjgYrqwsBdPF2Z0/CfR4nucCICa3NWu6 nzBxTL+N+Jh0nEiy4EtwiILJptM++qjEhGIsXgm514sDD7aNw1anj0FK1k8vkmVEXVw/ o3Hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:subject:date:cc:to:from; bh=Pov42IJFxG1bmYldy32C+vD6RrkG1A2i1QRqaS5uke0=; b=lfY+5QapIwlc8fIIq31MSfoZwFZj0WBjOtwtUagT44A/6X0XCWLPT6kCFh8rNKgBoV q4zXqKDKqAcWK5HLvhYiYa+eN8Q24RVkXL7WH9X36eF35/2AhLAdSMYt95GonbQv4gt9 jOvsukCA9MLmFHwCX9Wo9LbBCpXlOT31GNbOC+9GCxZNI3xLQj0Zpx5bx+MHYC2qW/Ju /3e2U+lxFCpHmEDpfy8LNRGeGKHxfxnmKVUT2Msafz7IdIgjN2Ng4CIuM6Nhu9McjcVX WMN7fa/0U+U0ffjiaol8OjrczrMMXZ56m5JFVK97Sa7YIB4LTTE52cUZ/qsz5YiyFJ/P rmfQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y16-20020a17090aca9000b00202d026ca0fsi9178604pjt.14.2022.09.19.00.58.36; Mon, 19 Sep 2022 00:58:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229714AbiISHaa (ORCPT + 99 others); Mon, 19 Sep 2022 03:30:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229578AbiISHa1 (ORCPT ); Mon, 19 Sep 2022 03:30:27 -0400 X-Greylist: delayed 420 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Mon, 19 Sep 2022 00:30:24 PDT Received: from mail.steuer-voss.de (mail.steuer-voss.de [85.183.69.95]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 898531A052; Mon, 19 Sep 2022 00:30:24 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at mail.steuer-voss.de Received: by mail.steuer-voss.de (Postfix, from userid 1000) id E41421357; Mon, 19 Sep 2022 09:23:17 +0200 (CEST) From: Nikolaus Voss To: Mimi Zohar , David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Date: Fri, 16 Sep 2022 07:45:29 +0200 Subject: [PATCH] KEYS: encrypted: fix key instantiation with user-provided data Message-Id: <20220919072317.E41421357@mail.steuer-voss.de> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data") added key instantiation with user provided decrypted data. The user data is hex-ascii-encoded but was just memcpy'ed to the binary buffer. Fix this to use hex2bin instead. Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data") Cc: stable Signed-off-by: Nikolaus Voss --- security/keys/encrypted-keys/encrypted.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index e05cfc2e49ae..1e313982af02 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -627,7 +627,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n"); return ERR_PTR(-EINVAL); } - if (strlen(decrypted_data) != decrypted_datalen) { + if (strlen(decrypted_data) != decrypted_datalen * 2) { pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n"); return ERR_PTR(-EINVAL); } @@ -791,8 +791,8 @@ static int encrypted_init(struct encrypted_key_payload *epayload, ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv); } else if (decrypted_data) { get_random_bytes(epayload->iv, ivsize); - memcpy(epayload->decrypted_data, decrypted_data, - epayload->decrypted_datalen); + ret = hex2bin(epayload->decrypted_data, decrypted_data, + epayload->decrypted_datalen); } else { get_random_bytes(epayload->iv, ivsize); get_random_bytes(epayload->decrypted_data, epayload->decrypted_datalen); -- 2.34.1