Home Home > GIT Browse > SLE15-SP1
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPetr Tesarik <ptesarik@suse.cz>2019-07-20 00:21:52 +0200
committerPetr Tesarik <ptesarik@suse.cz>2019-07-20 00:21:52 +0200
commitdadd843e6780e2a66d737a84682ab06b81f1f4cb (patch)
treede7233d6938fea897c479ba0a67925542f3588e9
parentba46f6ba690391921144fd8b0d15e6a24b26a739 (diff)
pkey: Indicate old mkvp only if old and current mkvp are
different (bsc#1137827 LTC#178090).
-rw-r--r--patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different32
-rw-r--r--series.conf1
2 files changed, 33 insertions, 0 deletions
diff --git a/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different b/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
new file mode 100644
index 0000000000..e93f45c122
--- /dev/null
+++ b/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
@@ -0,0 +1,32 @@
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Wed, 20 Feb 2019 14:01:39 +0100
+Subject: pkey: Indicate old mkvp only if old and current mkvp are different
+Git-commit: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
+Patch-mainline: v5.1-rc1
+References: bsc#1137827 LTC#178090
+
+When the CCA master key is set twice with the same master key,
+then the old and the current master key are the same and thus the
+verification patterns are the same, too. The check to report if a
+secure key is currently wrapped by the old master key erroneously
+reports old mkvp in this case.
+
+Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Acked-by: Petr Tesarik <ptesarik@suse.com>
+---
+ drivers/s390/crypto/pkey_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/crypto/pkey_api.c
++++ b/drivers/s390/crypto/pkey_api.c
+@@ -1046,7 +1046,7 @@ int pkey_verifykey(const struct pkey_sec
+ rc = mkvp_cache_fetch(cardnr, domain, mkvp);
+ if (rc)
+ goto out;
+- if (t->mkvp == mkvp[1]) {
++ if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
+ DEBUG_DBG("pkey_verifykey secure key has old mkvp\n");
+ if (pattributes)
+ *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
diff --git a/series.conf b/series.conf
index 5926e6369c..6d9d364728 100644
--- a/series.conf
+++ b/series.conf
@@ -21519,6 +21519,7 @@
patches.fixes/crypto-cavium-zip-fix-collision-with-generic-cra_dri.patch
patches.fixes/crypto-crypto4xx-add-missing-of_node_put-after-of_de.patch
patches.arch/s390-jump_label-Use-jdd-constraint-on-gcc9.patch
+ patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
patches.drivers/clocksource-drivers-sun5i-Fail-gracefully-when-clock.patch
patches.drivers/clocksource-drivers-exynos_mct-Move-one-shot-check-f.patch
patches.drivers/clocksource-drivers-exynos_mct-Clear-timer-interrupt.patch