]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6029c08) | patch
KEYS: trusted: sanitize all key material
authorEric Biggers <ebiggers@google.com>
Thu, 8 Jun 2017 13:49:18 +0000 (14:49 +0100)
committerThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Thu, 16 Nov 2017 16:35:46 +0000 (14:35 -0200)
commitb44ab186c41a60ff6622e7ab71f0a46fe9ffcf75
tree3abb9349a10fd582b4eeb2dd2947cdb5fbaf1a3atree
parent6029c08bc09cb522c117043ca66a2627199300abcommit | diff
KEYS: trusted: sanitize all key material

BugLink: http://bugs.launchpad.net/bugs/1732698
commit ee618b4619b72527aaed765f0f0b74072b281159 upstream.

As the previous patch did for encrypted-keys, zero sensitive any
potentially sensitive data related to the "trusted" key type before it
is freed.  Notably, we were not zeroing the tpm_buf structures in which
the actual key is stored for TPM seal and unseal, nor were we zeroing
the trusted_key_payload in certain error paths.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
security/keys/trusted.c diff | blob | blame | history
Ubuntu Artful kernel mirror