| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <089BFB7E-0FDD-4C2F-8055-BC79A31048E9@oracle.com>
Date: Fri, 3 Jan 2025 23:28:03 +0000
From: Eric Snowberg <eric.snowberg@...cle.com>
To: Mimi Zohar <zohar@...ux.ibm.com>
CC: "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>,
David Howells <dhowells@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"davem@...emloft.net" <davem@...emloft.net>,
"ardb@...nel.org"
<ardb@...nel.org>,
"jarkko@...nel.org" <jarkko@...nel.org>,
"paul@...l-moore.com" <paul@...l-moore.com>,
"jmorris@...ei.org"
<jmorris@...ei.org>,
"serge@...lyn.com" <serge@...lyn.com>,
"roberto.sassu@...wei.com" <roberto.sassu@...wei.com>,
"dmitry.kasatkin@...il.com" <dmitry.kasatkin@...il.com>,
"mic@...ikod.net"
<mic@...ikod.net>,
"casey@...aufler-ca.com" <casey@...aufler-ca.com>,
"stefanb@...ux.ibm.com" <stefanb@...ux.ibm.com>,
"ebiggers@...nel.org"
<ebiggers@...nel.org>,
"rdunlap@...radead.org" <rdunlap@...radead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Subject: Re: [RFC PATCH v3 04/13] keys: Add new verification type
(VERIFYING_CLAVIS_SIGNATURE)
> On Dec 23, 2024, at 5:17 PM, Mimi Zohar <zohar@...ux.ibm.com> wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
>> usage will be used for validating keys added to the new clavis LSM keyring.
>> This will be introduced in a follow-on patch.
>>
>> Signed-off-by: Eric Snowberg <eric.snowberg@...cle.com>
>> ---
>> crypto/asymmetric_keys/asymmetric_type.c | 1 +
>> crypto/asymmetric_keys/pkcs7_verify.c | 1 +
>> include/linux/verification.h | 2 ++
>> 3 files changed, 4 insertions(+)
>>
>> diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
>> index 43af5fa510c0..d7bf95c77f4a 100644
>> --- a/crypto/asymmetric_keys/asymmetric_type.c
>> +++ b/crypto/asymmetric_keys/asymmetric_type.c
>> @@ -25,6 +25,7 @@ const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = {
>> [VERIFYING_KEY_SIGNATURE] = "key sig",
>> [VERIFYING_KEY_SELF_SIGNATURE] = "key self sig",
>> [VERIFYING_UNSPECIFIED_SIGNATURE] = "unspec sig",
>> + [VERIFYING_CLAVIS_SIGNATURE] = "clavis sig",
>> };
>> EXPORT_SYMBOL_GPL(key_being_used_for);
>>
>> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
>> index f0d4ff3c20a8..1dc80e68ce96 100644
>> --- a/crypto/asymmetric_keys/pkcs7_verify.c
>> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
>> @@ -428,6 +428,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
>> }
>> /* Authattr presence checked in parser */
>> break;
>> + case VERIFYING_CLAVIS_SIGNATURE:
>
> Add "fallthrough;"
>
> https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
>
I'll add the fallthrough in the next round, thanks.
Powered by blists - more mailing lists