diff options
author | James Morris <james.l.morris@oracle.com> | 2016-07-09 12:49:00 +1000 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2016-07-09 12:49:00 +1000 |
commit | e1e5fa961612d774c122fc79f93a50a9dc8db321 (patch) | |
tree | 0bbb655a3bbdc70e7f1aeb6d10b6a9bf8f8dd2d2 | |
parent | c632809953fbde9e74394eae2de9d1f5e60ac427 (diff) | |
parent | 9552c7aebb8c36912612fddad5b55267c671a303 (diff) | |
download | lwn-e1e5fa961612d774c122fc79f93a50a9dc8db321.tar.gz lwn-e1e5fa961612d774c122fc79f93a50a9dc8db321.zip |
Merge tag 'keys-misc-20160708' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
-rw-r--r-- | include/keys/rxrpc-type.h | 2 | ||||
-rwxr-xr-x | scripts/sign-file.c | 34 | ||||
-rw-r--r-- | security/keys/persistent.c | 2 | ||||
-rw-r--r-- | security/keys/request_key.c | 2 |
4 files changed, 29 insertions, 11 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index fc4875433817..5de0673f333b 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -51,7 +51,7 @@ struct krb5_principal { struct krb5_tagged_data { /* for tag value, see /usr/include/krb5/krb5.h * - KRB5_AUTHDATA_* for auth data - * - + * - */ s32 tag; u32 data_len; diff --git a/scripts/sign-file.c b/scripts/sign-file.c index d912d5a56a5e..53af6dc3e6c1 100755 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -1,6 +1,6 @@ /* Sign a module file using the given key. * - * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2014-2016 Red Hat, Inc. All Rights Reserved. * Copyright © 2015 Intel Corporation. * Copyright © 2016 Hewlett Packard Enterprise Development LP * @@ -167,19 +167,37 @@ static EVP_PKEY *read_private_key(const char *private_key_name) static X509 *read_x509(const char *x509_name) { + unsigned char buf[2]; X509 *x509; BIO *b; + int n; b = BIO_new_file(x509_name, "rb"); ERR(!b, "%s", x509_name); - x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */ - if (!x509) { - ERR(BIO_reset(b) != 1, "%s", x509_name); - x509 = PEM_read_bio_X509(b, NULL, NULL, - NULL); /* PEM encoded X.509 */ - if (x509) - drain_openssl_errors(); + + /* Look at the first two bytes of the file to determine the encoding */ + n = BIO_read(b, buf, 2); + if (n != 2) { + if (BIO_should_retry(b)) { + fprintf(stderr, "%s: Read wanted retry\n", x509_name); + exit(1); + } + if (n >= 0) { + fprintf(stderr, "%s: Short read\n", x509_name); + exit(1); + } + ERR(1, "%s", x509_name); } + + ERR(BIO_reset(b) != 0, "%s", x509_name); + + if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84) + /* Assume raw DER encoded X.509 */ + x509 = d2i_X509_bio(b, NULL); + else + /* Assume PEM encoded X.509 */ + x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); + BIO_free(b); ERR(!x509, "%s", x509_name); diff --git a/security/keys/persistent.c b/security/keys/persistent.c index 2ef45b319dd9..1edc1f0a0ce2 100644 --- a/security/keys/persistent.c +++ b/security/keys/persistent.c @@ -114,7 +114,7 @@ found: ret = key_link(key_ref_to_ptr(dest_ref), persistent); if (ret == 0) { key_set_timeout(persistent, persistent_keyring_expiry); - ret = persistent->serial; + ret = persistent->serial; } } diff --git a/security/keys/request_key.c b/security/keys/request_key.c index a29e3554751e..43affcf10b22 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -442,7 +442,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx, if (ctx->index_key.type == &key_type_keyring) return ERR_PTR(-EPERM); - + user = key_user_lookup(current_fsuid()); if (!user) return ERR_PTR(-ENOMEM); |