| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4792.1412616356@warthog.procyon.org.uk>
Date: Mon, 06 Oct 2014 18:25:56 +0100
From: David Howells <dhowells@...hat.com>
To: jmorris@...ei.org
cc: dhowells@...hat.com, d.kasatkin@...sung.com,
keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [GIT PULL] KEYS:
Hi James,
Can you pull these fixes into your next branch?
(1) Handle error codes in pointers correctly so as not to crash.
(2) Fix the asymmetric key description to make module signature checking work
right (I changed the description to include the X.509 serial number, but
the module uses the subjectKeyId still).
(3) Bring back matching of keys based on partial matches on the auxiliary
IDs (required for IMA).
(4) Make the PGP fingerprint field in /proc/keys hold the tail end of the
SKID once again (if present).
(5) IMA needs to zero-pad the key ID it requests a match on because the hex
string will be rejected if it's not a multiple of two digits.
David
---
The following changes since commit c867d07e3c861e75509650b8a359351d634db93a:
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next (2014-10-02 19:47:23 +1000)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-fixes-20141006
for you to fetch changes up to 594081ee7145cc30a3977cb4e218f81213b63dc5:
integrity: do zero padding of the key id (2014-10-06 17:33:27 +0100)
----------------------------------------------------------------
(from the branch description for keys-next-fixes local branch)
clone of "keys-fixes"
Keyrings fixes for next
----------------------------------------------------------------
David Howells (1):
X.509: If available, use the raw subjKeyId to form the key description
Dmitry Kasatkin (6):
KEYS: handle error code encoded in pointer
KEYS: Restore partial ID matching functionality for asymmetric keys
KEYS: use swapped SKID for performing partial matching
KEYS: strip 'id:' from ca_keyid
KEYS: output last portion of fingerprint in /proc/keys
integrity: do zero padding of the key id
crypto/asymmetric_keys/asymmetric_keys.h | 3 --
crypto/asymmetric_keys/asymmetric_type.c | 84 +++++++++++++++++++++++--------
crypto/asymmetric_keys/pkcs7_trust.c | 9 ++--
crypto/asymmetric_keys/x509_cert_parser.c | 14 +++---
crypto/asymmetric_keys/x509_parser.h | 8 +--
crypto/asymmetric_keys/x509_public_key.c | 29 ++++++++---
include/crypto/public_key.h | 3 +-
include/keys/asymmetric-type.h | 3 ++
security/integrity/digsig_asymmetric.c | 2 +-
9 files changed, 110 insertions(+), 45 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists