lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1322896.1612969174@warthog.procyon.org.uk>
Date:   Wed, 10 Feb 2021 14:59:34 +0000
From:   David Howells <dhowells@...hat.com>
To:     torvalds@...ux-foundation.org
cc:     dhowells@...hat.com, Jarkko Sakkinen <jarkko@...nel.org>,
        "Alexander A. Klimov" <grandmaster@...klimov.de>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Alex Shi <alex.shi@...ux.alibaba.com>,
        Ben Boeckel <mathstuf@...il.com>,
        Denis Efremov <efremov@...ux.com>,
        Gabriel Krisman Bertazi <krisman@...labora.com>,
        Jann Horn <jannh@...gle.com>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        Mickaël Salaün <mic@...ux.microsoft.com>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>,
        Tom Rix <trix@...hat.com>, YueHaibing <yuehaibing@...wei.com>,
        keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [GIT PULL] keys: Collected minor fixes and cleanups


Hi Linus,

Here's a set of minor keyrings fixes/cleanups that I've collected from
various people for the upcoming merge window.

A couple of them might, in theory, be visible to userspace:

 (*) Make blacklist_vet_description() reject uppercase letters as they
     don't match the all-lowercase hex string generated for a blacklist
     search.

     This may want reconsideration in the future, but, currently, you can't
     add to the blacklist keyring from userspace and the only source of
     blacklist keys generates lowercase descriptions.

 (*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
     wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
     keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.

     This isn't currently a problem as the blacklist keyring isn't
     currently writable by userspace.

The rest of the patches are cleanups and I don't think they should have any
visible effect.

I've fixed the compilation error, added another patch and rebased to
v5.11-rc4 since the last request.

David
---
The following changes since commit 19c329f6808995b142b3966301f217c831e7cf31:

  Linux 5.11-rc4 (2021-01-17 16:37:05 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20210126

for you to fetch changes up to 8f0bfc25c907f38e7f9dc498e8f43000d77327ef:

  watch_queue: rectify kernel-doc for init_watch() (2021-01-26 11:16:34 +0000)

----------------------------------------------------------------
Keyrings miscellany

----------------------------------------------------------------
Alex Shi (2):
      PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
      certs/blacklist: fix kernel doc interface issue

Alexander A. Klimov (1):
      encrypted-keys: Replace HTTP links with HTTPS ones

David Howells (1):
      certs: Fix blacklist flag type confusion

Denis Efremov (1):
      security/keys: use kvfree_sensitive()

Gabriel Krisman Bertazi (1):
      watch_queue: Drop references to /dev/watch_queue

Gustavo A. R. Silva (1):
      security: keys: Fix fall-through warnings for Clang

Jann Horn (1):
      keys: Remove outdated __user annotations

Krzysztof Kozlowski (1):
      KEYS: asymmetric: Fix kerneldoc

Lukas Bulwahn (1):
      watch_queue: rectify kernel-doc for init_watch()

Mickaël Salaün (3):
      certs: Fix blacklisted hexadecimal hash string check
      PKCS#7: Fix missing include
      certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Randy Dunlap (2):
      security: keys: delete repeated words in comments
      crypto: asymmetric_keys: fix some comments in pkcs7_parser.h

Tianjia Zhang (1):
      crypto: public_key: Remove redundant header file from public_key.h

Tom Rix (2):
      KEYS: remove redundant memset
      keys: remove trailing semicolon in macro definition

YueHaibing (1):
      crypto: pkcs7: Use match_string() helper to simplify the code

 Documentation/security/keys/core.rst     |  4 ++--
 certs/blacklist.c                        | 10 +++++-----
 certs/system_keyring.c                   |  5 +++--
 crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
 crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
 crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
 crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
 include/crypto/public_key.h              |  1 -
 include/keys/encrypted-type.h            |  2 +-
 include/linux/key.h                      |  5 +++--
 include/linux/verification.h             |  2 ++
 kernel/watch_queue.c                     |  2 +-
 samples/Kconfig                          |  2 +-
 samples/watch_queue/watch_test.c         |  2 +-
 security/integrity/ima/ima_mok.c         |  5 ++---
 security/keys/Kconfig                    |  8 ++++----
 security/keys/big_key.c                  |  9 +++------
 security/keys/key.c                      |  2 ++
 security/keys/keyctl.c                   |  2 +-
 security/keys/keyctl_pkey.c              |  2 --
 security/keys/keyring.c                  | 10 +++++-----
 security/keys/process_keys.c             |  1 +
 22 files changed, 48 insertions(+), 48 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ