| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Sep 2013 03:10:45 +1000 (EST)
From: James Morris <jmorris@...ei.org>
To: David Howells <dhowells@...hat.com>
cc: simo@...hat.com, zohar@...ux.vnet.ibm.com, keyrings@...ux-nfs.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] Keyrings patches
On Thu, 5 Sep 2013, David Howells wrote:
>
> Hi James,
>
> Could you pull these patches into the security tree? They're based on your
> next branch.
This missed the merge for 3.12. Do you want me to queue the changes up,
or do you want to send a pull request again after -rc1 ?
>
> The patches can be viewed as a number of sets:
>
> (1) KEYS: Skip key state checks when checking for possession
>
> This is a fix for determining the possessed status of keys that have been
> invalidated or revoked or that have expired. If nothing else, can you
> please pick this and pass it upstream.
>
> (2) KEYS: Expand the capacity of a keyring
> Add a generic associative array implementation
> KEYS: Drop the permissions argument from __keyring_search_one()
> KEYS: Define a __key_get() wrapper to use rather than atomic_inc()
> KEYS: Search for auth-key by name rather than target key ID
> KEYS: Introduce a search context structure
> KEYS: Consolidate the concept of an 'index key' for key access
> KEYS: key_is_dead() should take a const key pointer argument
> KEYS: Use bool in make_key_ref() and is_key_possessed()
>
> Patches to to expand the capacity of a keyring by using an associative
> array rather than a flat list and patches to do some preparatory cleanups
> for those.
>
> (3) KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches
> KEYS: Implement a big key type that can save to tmpfs
>
> Patches to add better support for libkrb5 to save its tokens in a kernel
> keyring rather than in files. It already has this ability to some
> extent, but that has two problems: your tokens get deleted when you log
> out (so your cron jobs can't use them) and the capacity of a user type
> key is not sufficient for some of the huge Kerberos tickets one can get.
> These patches address that.
>
> (4) KEYS: Rename public key parameter name arrays
> KEYS: Move the algorithm pointer array from x509 to public_key.c
> KEYS: Store public key algo ID in public_key struct
> KEYS: Split public_key_verify_signature() and make available
> KEYS: Store public key algo ID in public_key_signature struct
> X.509: struct x509_certificate needs struct tm declaring
> X.509: Embed public_key_signature struct and create filler function
> X.509: Check the algorithm IDs obtained from parsing an X.509 certificate
> X.509: Handle certificates that lack an authorityKeyIdentifier field
> X.509: Remove certificate date checks
>
> Patches to improve the asymmetric key type in various ways, including an
> important bugfix to prevent an unset system clock from preventing modules
> from being loaded.
>
> (5) KEYS: Load *.x509 files into kernel keyring
> KEYS: Have make canonicalise the paths of the X.509 certs better to deduplicate
> KEYS: Separate the kernel signature checking keyring from module signing
> KEYS: Add a 'trusted' flag and a 'trusted only' flag
> KEYS: Set the asymmetric-key type default search method
> KEYS: Make the system 'trusted' keyring viewable by userspace
> KEYS: verify a certificate is signed by a 'trusted' key
> KEYS: initialize root uid and session keyrings early
>
> Patches to provide better support for loading a generic system keyring of
> crypto keys which may then be used for other things besides module
> signing (such as kexec).
>
> David
> ---
> The following changes since commit 73203361468894c3c017bfbdd9ddcbb468039604:
>
> Merge branch 'smack-for-3.12' of git://git.gitorious.org/smack-next/kernel into ra-next (2013-08-23 02:50:12 +1000)
>
> are available in the git repository at:
>
>
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-x509-improvements
>
> for you to fetch changes up to 1d283e8a122f572ef0320f90b0077ce3b9aff464:
>
> KEYS: initialize root uid and session keyrings early (2013-09-04 19:51:45 +0100)
>
> ----------------------------------------------------------------
> (from the branch description for keys-devel local branch)
>
> clone of "master"
> X.509 key improvements and fixes
>
> ----------------------------------------------------------------
> David Howells (27):
> KEYS: Skip key state checks when checking for possession
> KEYS: Use bool in make_key_ref() and is_key_possessed()
> KEYS: key_is_dead() should take a const key pointer argument
> KEYS: Consolidate the concept of an 'index key' for key access
> KEYS: Introduce a search context structure
> KEYS: Search for auth-key by name rather than target key ID
> KEYS: Define a __key_get() wrapper to use rather than atomic_inc()
> KEYS: Drop the permissions argument from __keyring_search_one()
> Add a generic associative array implementation.
> KEYS: Expand the capacity of a keyring
> KEYS: Implement a big key type that can save to tmpfs
> KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches
> KEYS: Rename public key parameter name arrays
> KEYS: Move the algorithm pointer array from x509 to public_key.c
> KEYS: Store public key algo ID in public_key struct
> KEYS: Split public_key_verify_signature() and make available
> KEYS: Store public key algo ID in public_key_signature struct
> X.509: struct x509_certificate needs struct tm declaring
> X.509: Embed public_key_signature struct and create filler function
> X.509: Check the algorithm IDs obtained from parsing an X.509 certificate
> X.509: Handle certificates that lack an authorityKeyIdentifier field
> X.509: Remove certificate date checks
> KEYS: Load *.x509 files into kernel keyring
> KEYS: Have make canonicalise the paths of the X.509 certs better to deduplicate
> KEYS: Separate the kernel signature checking keyring from module signing
> KEYS: Add a 'trusted' flag and a 'trusted only' flag
> KEYS: Set the asymmetric-key type default search method
>
> Mimi Zohar (3):
> KEYS: Make the system 'trusted' keyring viewable by userspace
> KEYS: verify a certificate is signed by a 'trusted' key
> KEYS: initialize root uid and session keyrings early
>
> Documentation/assoc_array.txt | 574 +++++++
> Documentation/security/keys.txt | 20 +-
> crypto/asymmetric_keys/asymmetric_type.c | 1 +
> crypto/asymmetric_keys/public_key.c | 60 +-
> crypto/asymmetric_keys/public_key.h | 6 +
> crypto/asymmetric_keys/x509_cert_parser.c | 35 +-
> crypto/asymmetric_keys/x509_parser.h | 18 +-
> crypto/asymmetric_keys/x509_public_key.c | 229 ++-
> include/crypto/public_key.h | 9 +-
> include/keys/big_key-type.h | 25 +
> include/keys/keyring-type.h | 17 +-
> include/keys/system_keyring.h | 23 +
> include/linux/assoc_array.h | 92 ++
> include/linux/assoc_array_priv.h | 182 ++
> include/linux/key-type.h | 6 +
> include/linux/key.h | 52 +-
> include/linux/user_namespace.h | 6 +
> include/uapi/linux/keyctl.h | 1 +
> init/Kconfig | 13 +
> kernel/Makefile | 50 +-
> kernel/modsign_pubkey.c | 104 --
> kernel/module-internal.h | 2 -
> kernel/module_signing.c | 7 +-
> ...modsign_certificate.S => system_certificates.S} | 7 +-
> kernel/system_keyring.c | 105 ++
> kernel/user.c | 4 +
> kernel/user_namespace.c | 6 +
> lib/Kconfig | 14 +
> lib/Makefile | 1 +
> lib/assoc_array.c | 1746 ++++++++++++++++++++
> security/keys/Kconfig | 29 +
> security/keys/Makefile | 2 +
> security/keys/big_key.c | 204 +++
> security/keys/compat.c | 3 +
> security/keys/gc.c | 33 +-
> security/keys/internal.h | 74 +-
> security/keys/key.c | 99 +-
> security/keys/keyctl.c | 3 +
> security/keys/keyring.c | 1485 +++++++++--------
> security/keys/persistent.c | 169 ++
> security/keys/proc.c | 17 +-
> security/keys/process_keys.c | 141 +-
> security/keys/request_key.c | 56 +-
> security/keys/request_key_auth.c | 31 +-
> security/keys/sysctl.c | 11 +
> security/keys/user_defined.c | 18 +-
> 46 files changed, 4575 insertions(+), 1215 deletions(-)
> create mode 100644 Documentation/assoc_array.txt
> create mode 100644 include/keys/big_key-type.h
> create mode 100644 include/keys/system_keyring.h
> create mode 100644 include/linux/assoc_array.h
> create mode 100644 include/linux/assoc_array_priv.h
> delete mode 100644 kernel/modsign_pubkey.c
> rename kernel/{modsign_certificate.S => system_certificates.S} (51%)
> create mode 100644 kernel/system_keyring.c
> create mode 100644 lib/assoc_array.c
> create mode 100644 security/keys/big_key.c
> create mode 100644 security/keys/persistent.c
>
--
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists