lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 06 Oct 2014 18:25:56 +0100
From:	David Howells <dhowells@...hat.com>
To:	jmorris@...ei.org
cc:	dhowells@...hat.com, d.kasatkin@...sung.com,
	keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] KEYS: 

Hi James,

Can you pull these fixes into your next branch?

 (1) Handle error codes in pointers correctly so as not to crash.

 (2) Fix the asymmetric key description to make module signature checking work
     right (I changed the description to include the X.509 serial number, but
     the module uses the subjectKeyId still).

 (3) Bring back matching of keys based on partial matches on the auxiliary
     IDs (required for IMA).

 (4) Make the PGP fingerprint field in /proc/keys hold the tail end of the
     SKID once again (if present).

 (5) IMA needs to zero-pad the key ID it requests a match on because the hex
     string will be rejected if it's not a multiple of two digits.

David
---
The following changes since commit c867d07e3c861e75509650b8a359351d634db93a:

  Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next (2014-10-02 19:47:23 +1000)

are available in the git repository at:


  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-fixes-20141006

for you to fetch changes up to 594081ee7145cc30a3977cb4e218f81213b63dc5:

  integrity: do zero padding of the key id (2014-10-06 17:33:27 +0100)

----------------------------------------------------------------
(from the branch description for keys-next-fixes local branch)

clone of "keys-fixes"
Keyrings fixes for next

----------------------------------------------------------------
David Howells (1):
      X.509: If available, use the raw subjKeyId to form the key description

Dmitry Kasatkin (6):
      KEYS: handle error code encoded in pointer
      KEYS: Restore partial ID matching functionality for asymmetric keys
      KEYS: use swapped SKID for performing partial matching
      KEYS: strip 'id:' from ca_keyid
      KEYS: output last portion of fingerprint in /proc/keys
      integrity: do zero padding of the key id

 crypto/asymmetric_keys/asymmetric_keys.h  |  3 --
 crypto/asymmetric_keys/asymmetric_type.c  | 84 +++++++++++++++++++++++--------
 crypto/asymmetric_keys/pkcs7_trust.c      |  9 ++--
 crypto/asymmetric_keys/x509_cert_parser.c | 14 +++---
 crypto/asymmetric_keys/x509_parser.h      |  8 +--
 crypto/asymmetric_keys/x509_public_key.c  | 29 ++++++++---
 include/crypto/public_key.h               |  3 +-
 include/keys/asymmetric-type.h            |  3 ++
 security/integrity/digsig_asymmetric.c    |  2 +-
 9 files changed, 110 insertions(+), 45 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists