• Eric Biggers's avatar
    KEYS: encrypted: fix race causing incorrect HMAC calculations · d76155ae
    Eric Biggers authored
    The encrypted-keys module was using a single global HMAC transform,
    which could be rekeyed by multiple threads concurrently operating on
    different keys, causing incorrect HMAC values to be calculated.  Fix
    this by allocating a new HMAC transform whenever we need to calculate a
    HMAC.  Also simplify things a bit by allocating the shash_desc's using
    SHASH_DESC_ON_STACK() for both the HMAC and unkeyed hashes.
    
    The following script reproduces the bug:
    
        keyctl new_session
        keyctl add user master "abcdefghijklmnop" @s
        for i in $(seq 2); do
            (
                set -e
                for j in $(seq 1000); do
                    keyid=$(keyctl add encrypted desc$i "new user:master 25" @s)
                    datablob="$(keyctl pipe $keyid)"
                    keyctl unlink $keyid > /dev/null
                    keyid=$(keyctl add encrypted desc$i "load $datablob" @s)
                    keyctl unlink $keyid > /dev/null
                done
            ) &
        done
    
    Output with bug:
    
        [  439.691094] encrypted_key: bad hmac (-22)
        add_key: Invalid argument
        add_key: Invalid argument
    
    Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    d76155ae
encrypted.c 25.7 KB