| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Oct 2012 20:27:12 +1030
From: Rusty Russell <rusty@...tcorp.com.au>
To: "Linus Torvalds" <torvalds@...ux-foundation.org>
Cc: Sam Ravnborg <sam@...nborg.org>
Subject: [PULL] modules
The following changes since commit 925a6f0bf8bd122d5d2429af7f0ca0fecf4ae71f:
Merge tag 'hwspinlock-3.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/hwspinlock (2012-09-18 11:58:54 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next
for you to fetch changes up to dbadc17683e6c673a69b236c0f041b931cc55c42:
X.509: Fix indefinite length element skip error handling (2012-10-10 20:06:39 +1030)
----------------------------------------------------------------
module signing is the highlight, but it's an all-over David Howells frenzy...
----------------------------------------------------------------
David Howells (30):
Make most arch asm/module.h files use asm-generic/module.h
KEYS: Add payload preparsing opportunity prior to key instantiate or update
MPILIB: Provide count_leading/trailing_zeros() based on arch functions
KEYS: Document asymmetric key type
KEYS: Implement asymmetric key type
KEYS: Asymmetric key pluggable data parsers
KEYS: Asymmetric public-key algorithm crypto key subtype
KEYS: Provide signature verification with an asymmetric key
MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification
RSA: Implement signature verification algorithm [PKCS#1 / RFC3447]
RSA: Fix signature verification for shorter signatures
X.509: Implement simple static OID registry
X.509: Add utility functions to render OIDs as strings
X.509: Add simple ASN.1 grammar compiler
X.509: Add an ASN.1 decoder
MPILIB: Provide a function to read raw data into an MPI
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MODSIGN: Add FIPS policy
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Provide Kconfig options
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Implement module signature checking
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Sign modules during the build process
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
X.509: Convert some printk calls to pr_devel
X.509: Fix indefinite length element skip error handling
Matthew Garrett (1):
module: taint kernel when lve module is loaded
Ralf Baechle (1):
MIPS: Fix module.c build for 32 bit
Randy Dunlap (1):
asymmetric keys: fix printk format warning
Rusty Russell (4):
module: fix symbol waiting when module fails before init
module: wait when loading a module which is currently initializing.
module: signature checking hook
MODSIGN: Make mrproper should remove generated files.
.gitignore | 14 +
Documentation/crypto/asymmetric-keys.txt | 312 ++++++
Documentation/kernel-parameters.txt | 6 +
Documentation/security/keys.txt | 50 +-
Makefile | 6 +-
arch/Kconfig | 19 +
arch/alpha/Kconfig | 2 +
arch/alpha/include/asm/module.h | 10 +-
arch/arm/Kconfig | 2 +
arch/arm/include/asm/module.h | 8 +-
arch/avr32/Kconfig | 2 +
arch/avr32/include/asm/module.h | 6 +-
arch/blackfin/Kconfig | 2 +
arch/blackfin/include/asm/module.h | 4 +-
arch/c6x/Kconfig | 1 +
arch/c6x/include/asm/module.h | 12 +-
arch/cris/Kconfig | 1 +
arch/cris/include/asm/Kbuild | 2 +
arch/cris/include/asm/module.h | 9 -
arch/frv/include/asm/module.h | 8 +-
arch/h8300/Kconfig | 1 +
arch/h8300/include/asm/Kbuild | 2 +
arch/h8300/include/asm/module.h | 11 -
arch/hexagon/Kconfig | 1 +
arch/ia64/Kconfig | 2 +
arch/ia64/include/asm/module.h | 6 +-
arch/m32r/Kconfig | 1 +
arch/m32r/include/asm/Kbuild | 2 +
arch/m32r/include/asm/module.h | 10 -
arch/m32r/kernel/module.c | 15 -
arch/m68k/Kconfig | 3 +
arch/m68k/include/asm/module.h | 6 +-
arch/microblaze/Kconfig | 1 +
arch/mips/Kconfig | 3 +
arch/mips/include/asm/module.h | 10 +-
arch/mips/kernel/Makefile | 1 +
arch/mips/kernel/module-rela.c | 145 +++
arch/mips/kernel/module.c | 121 +--
arch/mn10300/Kconfig | 1 +
arch/mn10300/include/asm/module.h | 7 +-
arch/openrisc/Kconfig | 1 +
arch/parisc/Kconfig | 2 +
arch/parisc/include/asm/module.h | 16 +-
arch/powerpc/Kconfig | 2 +
arch/powerpc/include/asm/module.h | 7 +-
arch/s390/Kconfig | 2 +
arch/s390/include/asm/module.h | 18 +-
arch/score/Kconfig | 2 +
arch/score/include/asm/module.h | 6 +-
arch/score/kernel/module.c | 10 -
arch/sh/Kconfig | 2 +
arch/sh/include/asm/module.h | 14 +-
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/Kbuild | 1 +
arch/sparc/include/asm/module.h | 24 -
arch/tile/Kconfig | 1 +
arch/unicore32/Kconfig | 1 +
arch/x86/Kconfig | 2 +
arch/x86/um/Kconfig | 2 +
arch/xtensa/Kconfig | 1 +
arch/xtensa/include/asm/module.h | 9 +-
crypto/Kconfig | 1 +
crypto/Makefile | 1 +
crypto/asymmetric_keys/.gitignore | 1 +
crypto/asymmetric_keys/Kconfig | 38 +
crypto/asymmetric_keys/Makefile | 27 +
crypto/asymmetric_keys/asymmetric_keys.h | 15 +
crypto/asymmetric_keys/asymmetric_type.c | 274 +++++
crypto/asymmetric_keys/public_key.c | 108 ++
crypto/asymmetric_keys/public_key.h | 30 +
crypto/asymmetric_keys/rsa.c | 277 ++++++
crypto/asymmetric_keys/signature.c | 49 +
crypto/asymmetric_keys/x509.asn1 | 60 ++
crypto/asymmetric_keys/x509_cert_parser.c | 496 +++++++++
crypto/asymmetric_keys/x509_parser.h | 36 +
crypto/asymmetric_keys/x509_public_key.c | 239 +++++
crypto/asymmetric_keys/x509_rsakey.asn1 | 4 +
fs/cifs/cifs_spnego.c | 6 +-
fs/cifs/cifsacl.c | 8 +-
include/asm-generic/bitops/count_zeros.h | 57 ++
include/asm-generic/module.h | 40 +-
include/crypto/public_key.h | 108 ++
include/keys/asymmetric-parser.h | 37 +
include/keys/asymmetric-subtype.h | 55 +
include/keys/asymmetric-type.h | 25 +
include/keys/user-type.h | 6 +-
include/linux/asn1.h | 67 ++
include/linux/asn1_ber_bytecode.h | 87 ++
include/linux/asn1_decoder.h | 24 +
include/linux/key-type.h | 35 +-
include/linux/module.h | 8 +
include/linux/moduleloader.h | 36 +-
include/linux/mpi.h | 1 +
include/linux/oid_registry.h | 92 ++
init/Kconfig | 68 ++
kernel/Makefile | 77 ++
kernel/modsign_pubkey.c | 113 +++
kernel/module-internal.h | 15 +
kernel/module.c | 157 ++-
kernel/module_signing.c | 243 +++++
lib/.gitignore | 2 +-
lib/Kconfig | 5 +
lib/Makefile | 18 +
lib/asn1_decoder.c | 487 +++++++++
lib/build_OID_registry | 209 ++++
lib/mpi/Makefile | 1 +
lib/mpi/longlong.h | 138 +--
lib/mpi/mpi-bit.c | 2 +-
lib/mpi/mpi-cmp.c | 70 ++
lib/mpi/mpi-pow.c | 4 +-
lib/mpi/mpicoder.c | 55 +
lib/oid_registry.c | 170 ++++
net/ceph/crypto.c | 9 +-
net/dns_resolver/dns_key.c | 6 +-
net/rxrpc/ar-key.c | 40 +-
scripts/.gitignore | 1 +
scripts/Makefile | 2 +
scripts/Makefile.build | 11 +
scripts/Makefile.modpost | 77 +-
scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++
scripts/sign-file | 115 +++
scripts/x509keyid | 268 +++++
security/keys/encrypted-keys/encrypted.c | 16 +-
security/keys/key.c | 114 ++-
security/keys/keyctl.c | 18 +-
security/keys/keyring.c | 6 +-
security/keys/request_key_auth.c | 8 +-
security/keys/trusted.c | 16 +-
security/keys/user_defined.c | 14 +-
129 files changed, 6803 insertions(+), 594 deletions(-)
create mode 100644 Documentation/crypto/asymmetric-keys.txt
delete mode 100644 arch/cris/include/asm/module.h
delete mode 100644 arch/h8300/include/asm/module.h
delete mode 100644 arch/m32r/include/asm/module.h
create mode 100644 arch/mips/kernel/module-rela.c
delete mode 100644 arch/sparc/include/asm/module.h
create mode 100644 crypto/asymmetric_keys/.gitignore
create mode 100644 crypto/asymmetric_keys/Kconfig
create mode 100644 crypto/asymmetric_keys/Makefile
create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h
create mode 100644 crypto/asymmetric_keys/asymmetric_type.c
create mode 100644 crypto/asymmetric_keys/public_key.c
create mode 100644 crypto/asymmetric_keys/public_key.h
create mode 100644 crypto/asymmetric_keys/rsa.c
create mode 100644 crypto/asymmetric_keys/signature.c
create mode 100644 crypto/asymmetric_keys/x509.asn1
create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c
create mode 100644 crypto/asymmetric_keys/x509_parser.h
create mode 100644 crypto/asymmetric_keys/x509_public_key.c
create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1
create mode 100644 include/asm-generic/bitops/count_zeros.h
create mode 100644 include/crypto/public_key.h
create mode 100644 include/keys/asymmetric-parser.h
create mode 100644 include/keys/asymmetric-subtype.h
create mode 100644 include/keys/asymmetric-type.h
create mode 100644 include/linux/asn1.h
create mode 100644 include/linux/asn1_ber_bytecode.h
create mode 100644 include/linux/asn1_decoder.h
create mode 100644 include/linux/oid_registry.h
create mode 100644 kernel/modsign_pubkey.c
create mode 100644 kernel/module-internal.h
create mode 100644 kernel/module_signing.c
create mode 100644 lib/asn1_decoder.c
create mode 100755 lib/build_OID_registry
create mode 100644 lib/mpi/mpi-cmp.c
create mode 100644 lib/oid_registry.c
create mode 100644 scripts/asn1_compiler.c
create mode 100644 scripts/sign-file
create mode 100755 scripts/x509keyid
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists