korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-25 13:14:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
a9dd74b252
linux/security/keys
History
Eric Biggers a9dd74b252 KEYS: encrypted: sanitize all key material 
For keys of type "encrypted", consistently zero sensitive key material
before freeing it.  This was already being done for the decrypted
payloads of encrypted keys, but not for the master key and the keys
derived from the master key.

Out of an abundance of caution and because it is trivial to do so, also
zero buffers containing the key payload in encrypted form, although
depending on how the encrypted-keys feature is used such information
does not necessarily need to be kept secret.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-06-09 13:29:48 +10:00
..
encrypted-keys KEYS: encrypted: sanitize all key material 2017-06-09 13:29:48 +10:00
big_key.c KEYS: Sort out big_key initialisation 2016-10-27 16:03:27 +11:00
compat_dh.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
compat.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
dh.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
gc.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
internal.h KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
Kconfig security/keys: add CONFIG_KEYS_COMPAT to Kconfig 2017-06-09 13:29:45 +10:00
key.c KEYS: fix freeing uninitialized memory in key_update() 2017-06-09 13:29:47 +10:00
keyctl.c KEYS: sanitize add_key() and keyctl() key payloads 2017-06-09 13:29:48 +10:00
keyring.c security: use READ_ONCE instead of deprecated ACCESS_ONCE 2017-06-09 13:29:45 +10:00
Makefile KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
process_keys.c KEYS: put keyring if install_session_keyring_to_cred() fails 2017-06-09 13:29:46 +10:00
request_key_auth.c security, keys: convert key.usage from atomic_t to refcount_t 2017-04-03 10:49:05 +10:00
request_key.c Make static usermode helper binaries constant 2017-01-19 12:59:45 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: user_defined: sanitize key payloads 2017-06-09 13:29:48 +10:00