authorJames Morris <james.l.morris@oracle.com>2016-07-09 12:49:00 +1000
committerJames Morris <james.l.morris@oracle.com>2016-07-09 12:49:00 +1000
commite1e5fa961612d774c122fc79f93a50a9dc8db321 (patch)
tree0bbb655a3bbdc70e7f1aeb6d10b6a9bf8f8dd2d2
parentc632809953fbde9e74394eae2de9d1f5e60ac427 (diff)
parent9552c7aebb8c36912612fddad5b55267c671a303 (diff)
Merge tag 'keys-misc-20160708' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
-rw-r--r--include/keys/rxrpc-type.h2
-rwxr-xr-xscripts/sign-file.c34
-rw-r--r--security/keys/persistent.c2
-rw-r--r--security/keys/request_key.c2
4 files changed, 29 insertions, 11 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index fc4875433817..5de0673f333b 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -51,7 +51,7 @@ struct krb5_principal {
struct krb5_tagged_data {
/* for tag value, see /usr/include/krb5/krb5.h
* - KRB5_AUTHDATA_* for auth data
- * -
+ * -
*/
s32 tag;
u32 data_len;
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index d912d5a56a5e..53af6dc3e6c1 100755
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -1,6 +1,6 @@
/* Sign a module file using the given key.
*
- * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
+ * Copyright © 2014-2016 Red Hat, Inc. All Rights Reserved.
* Copyright © 2015 Intel Corporation.
* Copyright © 2016 Hewlett Packard Enterprise Development LP
*
@@ -167,19 +167,37 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
static X509 *read_x509(const char *x509_name)
{
+ unsigned char buf[2];
X509 *x509;
BIO *b;
+ int n;
b = BIO_new_file(x509_name, "rb");
ERR(!b, "%s", x509_name);
- x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */
- if (!x509) {
- ERR(BIO_reset(b) != 1, "%s", x509_name);
- x509 = PEM_read_bio_X509(b, NULL, NULL,
- NULL); /* PEM encoded X.509 */
- if (x509)
- drain_openssl_errors();
+
+ /* Look at the first two bytes of the file to determine the encoding */
+ n = BIO_read(b, buf, 2);
+ if (n != 2) {
+ if (BIO_should_retry(b)) {
+ fprintf(stderr, "%s: Read wanted retry\n", x509_name);
+ exit(1);
+ }
+ if (n >= 0) {
+ fprintf(stderr, "%s: Short read\n", x509_name);
+ exit(1);
+ }
+ ERR(1, "%s", x509_name);
}
+
+ ERR(BIO_reset(b) != 0, "%s", x509_name);
+
+ if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
+ /* Assume raw DER encoded X.509 */
+ x509 = d2i_X509_bio(b, NULL);
+ else
+ /* Assume PEM encoded X.509 */
+ x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
+
BIO_free(b);
ERR(!x509, "%s", x509_name);
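Review bot: The encoding test `buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84` uses unexplained magic values, yet it alone decides which parser handles the signing certificate. I would put a comment above it such as `/* 0x30 = ASN.1 SEQUENCE tag; 0x81..0x84 = long-form length using 1-4 length octets */`, and mention that a short-form length byte (an object under 128 bytes) is not matched, presumably because no real X.509 certificate is that small. Every input that fails the test goes to `PEM_read_bio_X509()`, so a corrupt or truncated DER file will most likely surface as a PEM parse error from the final `ERR(!x509, ...)`; a short comment on the `else` branch saying so would help whoever has to diagnose a failed module-signing step. read_x509's body continues past the end of this hunk.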
diff --git a/security/keys/persistent.c b/security/keys/persistent.c
index 2ef45b319dd9..1edc1f0a0ce2 100644
--- a/security/keys/persistent.c
+++ b/security/keys/persistent.c
@@ -114,7 +114,7 @@ found:
ret = key_link(key_ref_to_ptr(dest_ref), persistent);
if (ret == 0) {
key_set_timeout(persistent, persistent_keyring_expiry);
- ret = persistent->serial;
+ ret = persistent->serial;
}
}
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index a29e3554751e..43affcf10b22 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -442,7 +442,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
if (ctx->index_key.type == &key_type_keyring)
return ERR_PTR(-EPERM);
-
+
user = key_user_lookup(current_fsuid());
if (!user)
return ERR_PTR(-ENOMEM);