#
8041dcc8 |
| 29-Mar-2016 |
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
Merge tag 'v4.6-rc1' into for-linus-4.6
Linux 4.6-rc1
* tag 'v4.6-rc1': (12823 commits) Linux 4.6-rc1 f2fs/crypto: fix xts_tweak initialization NTB: Remove _addr functions from ntb_hw_amd o
Merge tag 'v4.6-rc1' into for-linus-4.6
Linux 4.6-rc1
* tag 'v4.6-rc1': (12823 commits) Linux 4.6-rc1 f2fs/crypto: fix xts_tweak initialization NTB: Remove _addr functions from ntb_hw_amd orangefs: fix orangefs_superblock locking orangefs: fix do_readv_writev() handling of error halfway through orangefs: have ->kill_sb() evict the VFS side of things first orangefs: sanitize ->llseek() orangefs-bufmap.h: trim unused junk orangefs: saner calling conventions for getting a slot orangefs_copy_{to,from}_bufmap(): don't pass bufmap pointer orangefs: get rid of readdir_handle_s thp: fix typo in khugepaged_scan_pmd() MAINTAINERS: fill entries for KASAN mm/filemap: generic_file_read_iter(): check for zero reads unconditionally kasan: test fix: warn if the UAF could not be detected in kmalloc_uaf2 mm, kasan: stackdepot implementation. Enable stackdepot for SLAB arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections mm, kasan: add GFP flags to KASAN API mm, kasan: SLAB support kasan: modify kmalloc_large_oob_right(), add kmalloc_pagealloc_oob_right() ...
show more ...
|
Revision tags: v4.6-rc1 |
|
#
c78a85a8 |
| 20-Mar-2016 |
David S. Miller <davem@davemloft.net> |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
|
#
bb7aeae3 |
| 17-Mar-2016 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "There are a bunch of fixes to the TPM, IMA, and Keys code
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "There are a bunch of fixes to the TPM, IMA, and Keys code, with minor fixes scattered across the subsystem.
IMA now requires signed policy, and that policy is also now measured and appraised"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (67 commits) X.509: Make algo identifiers text instead of enum akcipher: Move the RSA DER encoding check to the crypto layer crypto: Add hash param to pkcs1pad sign-file: fix build with CMS support disabled MAINTAINERS: update tpmdd urls MODSIGN: linux/string.h should be #included to get memcpy() certs: Fix misaligned data in extra certificate list X.509: Handle midnight alternative notation in GeneralizedTime X.509: Support leap seconds Handle ISO 8601 leap seconds and encodings of midnight in mktime64() X.509: Fix leap year handling again PKCS#7: fix unitialized boolean 'want' firmware: change kernel read fail to dev_dbg() KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert KEYS: Reserve an extra certificate symbol for inserting without recompiling modsign: hide openssl output in silent builds tpm_tis: fix build warning with tpm_tis_resume ima: require signed IMA policy ima: measure and appraise the IMA policy itself ima: load policy using path ...
show more ...
|
Revision tags: v4.5, v4.5-rc7 |
|
#
88a1b564 |
| 04-Mar-2016 |
James Morris <james.l.morris@oracle.com> |
Merge tag 'keys-next-20160303' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
|
#
d43de6c7 |
| 03-Mar-2016 |
David Howells <dhowells@redhat.com> |
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module's pkcs1pad template. This mea
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module's pkcs1pad template. This means that the public_key subtype no longer has any dependencies on public key type.
To make this work, the following changes have been made:
(1) The rsa pkcs1pad template is now used for RSA keys. This strips off the padding and returns just the message hash.
(2) In a previous patch, the pkcs1pad template gained an optional second parameter that, if given, specifies the hash used. We now give this, and pkcs1pad checks the encoded message E(M) for the EMSA-PKCS1-v1_5 encoding and verifies that the correct digest OID is present.
(3) The crypto driver in crypto/asymmetric_keys/rsa.c is now reduced to something that doesn't care about what the encryption actually does and and has been merged into public_key.c.
(4) CONFIG_PUBLIC_KEY_ALGO_RSA is gone. Module signing must set CONFIG_CRYPTO_RSA=y instead.
Thoughts:
(*) Should the encoding style (eg. raw, EMSA-PKCS1-v1_5) also be passed to the padding template? Should there be multiple padding templates registered that share most of the code?
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.5-rc6 |
|
#
e5451c8f |
| 23-Feb-2016 |
Laxman Dewangan <ldewangan@nvidia.com> |
Merge remote-tracking branch 'linusw-gpio/for-next' into devm_gpiochip
Base for demv_gpiochip_add_data() and devm_gpiochip_remove().
|
Revision tags: v4.5-rc5, v4.5-rc4, v4.5-rc3 |
|
#
db6c43bd |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
crypto: KEYS: convert public key and digsig asym to the akcipher api
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
crypto: KEYS: convert public key and digsig asym to the akcipher api
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David Howells <dhowells@redhat.com>
show more ...
|
#
f75516a8 |
| 09-Feb-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: keys - Revert "convert public key to akcipher api"
This needs to go through the security tree so I'm reverting the patches for now.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
57f96bba |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
crypto: asymmetric_keys - convert public key and digsig asym to the akcipher api
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk <tadeusz.stru
crypto: asymmetric_keys - convert public key and digsig asym to the akcipher api
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.5-rc2, v4.5-rc1, v4.4, v4.4-rc8, v4.4-rc7, v4.4-rc6, v4.4-rc5, v4.4-rc4, v4.4-rc3, v4.4-rc2, v4.4-rc1, v4.3, v4.3-rc7, v4.3-rc6, v4.3-rc5, v4.3-rc4, v4.3-rc3, v4.3-rc2, v4.3-rc1, v4.2, v4.2-rc8, v4.2-rc7, v4.2-rc6, v4.2-rc5, v4.2-rc4, v4.2-rc3, v4.2-rc2, v4.2-rc1, v4.1, v4.1-rc8, v4.1-rc7, v4.1-rc6, v4.1-rc5, v4.1-rc4, v4.1-rc3, v4.1-rc2, v4.1-rc1, v4.0, v4.0-rc7, v4.0-rc6, v4.0-rc5, v4.0-rc4, v4.0-rc3, v4.0-rc2, v4.0-rc1, v3.19, v3.19-rc7, v3.19-rc6, v3.19-rc5, v3.19-rc4, v3.19-rc3, v3.19-rc2, v3.19-rc1, v3.18, v3.18-rc7, v3.18-rc6, v3.18-rc5 |
|
#
890ca861 |
| 12-Nov-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v3.18-rc4' into x86/cleanups, to refresh the tree before pulling new changes.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
Revision tags: v3.18-rc4, v3.18-rc3, v3.18-rc2, v3.18-rc1, v3.17 |
|
#
447a8b85 |
| 03-Oct-2014 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare first round of input updates for 3.18.
|
Revision tags: v3.17-rc7, v3.17-rc6, v3.17-rc5 |
|
#
db985cbd |
| 14-Sep-2014 |
Thomas Gleixner <tglx@linutronix.de> |
Merge tag 'irqchip-core-3.18' of git://git.infradead.org/users/jcooper/linux into irq/core
irqchip core changes for v3.18
- renesas: suspend to RAM, runtime PM, cleanups and DT binding docs - key
Merge tag 'irqchip-core-3.18' of git://git.infradead.org/users/jcooper/linux into irq/core
irqchip core changes for v3.18
- renesas: suspend to RAM, runtime PM, cleanups and DT binding docs - keystone: add new driver - hip04: add Hisilicon HiP04 driver (without touching irq-gic.c) - gic: Use defines instead of magic number, preserve v2 bybass bits - handle_domain_irq: common low level interrupt entry handler
show more ...
|
#
336879b1 |
| 11-Sep-2014 |
Daniel Vetter <daniel.vetter@ffwll.ch> |
Merge remote-tracking branch 'airlied/drm-next' into topic/vblank-rework
Dave asked me to do the backmerge before sending him the revised pull request, so here we go. Nothing fancy in the conflicts,
Merge remote-tracking branch 'airlied/drm-next' into topic/vblank-rework
Dave asked me to do the backmerge before sending him the revised pull request, so here we go. Nothing fancy in the conflicts, just a few things changed right next to each another.
Conflicts: drivers/gpu/drm/drm_irq.c
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
show more ...
|
#
e2627dce |
| 08-Sep-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v3.17-rc4' into sched/core, to prevent conflicts with upcoming patches, and to refresh the tree
Linux 3.17-rc4
|
Revision tags: v3.17-rc4 |
|
#
516d5f8b |
| 04-Sep-2014 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v3.17-rc3' into next
Sync with mainline to bring in Chrome EC changes.
|
#
05244d16 |
| 03-Sep-2014 |
Takashi Iwai <tiwai@suse.de> |
Merge tag 'asoc-v3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.17
A few more driver specific fixes on top of the currently pending fixes
Merge tag 'asoc-v3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.17
A few more driver specific fixes on top of the currently pending fixes (which are already in your tree but not Linus').
show more ...
|
Revision tags: v3.17-rc3, v3.17-rc2 |
|
#
83bc90e1 |
| 24-Aug-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'linus' into perf/core, to fix conflicts
Conflicts: arch/x86/kernel/cpu/perf_event_intel_uncore*.c
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
80b304fd |
| 22-Aug-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent
Pull EFI fixes from Matt Fleming:
* WARN_ON(!spin_is_locked()) always triggers on non-SMP machi
Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent
Pull EFI fixes from Matt Fleming:
* WARN_ON(!spin_is_locked()) always triggers on non-SMP machines. Swap it for the more canonical lockdep_assert_held() which always does the right thing - Guenter Roeck
* Assign the correct value to efi.runtime_version on arm64 so that all the runtime services can be invoked - Semen Protsenko
Signed-off-by: Ingo Molnar <mingo@kernel.org>
show more ...
|
#
2871f352 |
| 21-Aug-2014 |
Mauro Carvalho Chehab <m.chehab@samsung.com> |
Merge tag 'v3.17-rc1' into patchwork
Linux 3.17-rc1
|
#
5b49ab3e |
| 19-Aug-2014 |
Brian Norris <computersforpeace@gmail.com> |
Merge l2-mtd/next into l2-mtd/master
|
Revision tags: v3.17-rc1 |
|
#
bb2cbf5e |
| 06-Aug-2014 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "In this release:
- PKCS#7 parser for the key mana
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "In this release:
- PKCS#7 parser for the key management subsystem from David Howells - appoint Kees Cook as seccomp maintainer - bugfixes and general maintenance across the subsystem"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (94 commits) X.509: Need to export x509_request_asymmetric_key() netlabel: shorter names for the NetLabel catmap funcs/structs netlabel: fix the catmap walking functions netlabel: fix the horribly broken catmap functions netlabel: fix a problem when setting bits below the previously lowest bit PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 tpm: simplify code by using %*phN specifier tpm: Provide a generic means to override the chip returned timeouts tpm: missing tpm_chip_put in tpm_get_random() tpm: Properly clean sysfs entries in error path tpm: Add missing tpm_do_selftest to ST33 I2C driver PKCS#7: Use x509_request_asymmetric_key() Revert "selinux: fix the default socket labeling in sock_graft()" X.509: x509_request_asymmetric_keys() doesn't need string length arguments PKCS#7: fix sparse non static symbol warning KEYS: revert encrypted key change ima: add support for measuring and appraising firmware firmware_class: perform new LSM checks security: introduce kernel_fw_from_file hook PKCS#7: Missing inclusion of linux/err.h ...
show more ...
|
Revision tags: v3.16, v3.16-rc7 |
|
#
4ca332e1 |
| 24-Jul-2014 |
James Morris <james.l.morris@oracle.com> |
Merge tag 'keys-next-20140722' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
|
#
633706a2 |
| 22-Jul-2014 |
David Howells <dhowells@redhat.com> |
Merge branch 'keys-fixes' into keys-next
Signed-off-by: David Howells <dhowells@redhat.com>
|
#
6204e002 |
| 22-Jul-2014 |
David Howells <dhowells@redhat.com> |
Merge tag 'keys-pefile-20140709' into keys-next
Here's a set of changes that implement a PE file signature checker.
This provides the following facility:
(1) Extract the signature from the PE fil
Merge tag 'keys-pefile-20140709' into keys-next
Here's a set of changes that implement a PE file signature checker.
This provides the following facility:
(1) Extract the signature from the PE file. This is a PKCS#7 message containing, as its data, a hash of the signed parts of the file.
(2) Digest the signed parts of the file.
(3) Compare the digest with the one from the PKCS#7 message.
(4) Validate the signatures on the PKCS#7 message and indicate whether it was matched by a trusted key.
Signed-off-by: David Howells <dhowells@redhat.com>
show more ...
|
#
1ca72c96 |
| 22-Jul-2014 |
David Howells <dhowells@redhat.com> |
Merge tag 'keys-pkcs7-20140708' into keys-next
Here's a set of changes that implement a PKCS#7 message parser in the kernel.
The PKCS#7 message parsing will then be used to limit kexec to authentic
Merge tag 'keys-pkcs7-20140708' into keys-next
Here's a set of changes that implement a PKCS#7 message parser in the kernel.
The PKCS#7 message parsing will then be used to limit kexec to authenticated kernels only if so configured.
The changes provide the following facilities:
(1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data content and the X.509 certificates used to sign it and all the data signatures.
(2) Verify all the data signatures against the set of X.509 certificates available in the message.
(3) Follow the certificate chains and verify that:
(a) for every self-signed X.509 certificate, check that it validly signed itself, and:
(b) for every non-self-signed certificate, if we have a 'parent' certificate, the former is validly signed by the latter.
(4) Look for intersections between the certificate chains and the trusted keyring, if any intersections are found, verify that the trusted certificates signed the intersection point in the chain.
(5) For testing purposes, a key type can be made available that will take a PKCS#7 message, check that the message is trustworthy, and if so, add its data content into the key.
Note that (5) has to be altered to take account of the preparsing patches already committed to this branch.
Signed-off-by: David Howells <dhowells@redhat.com>
show more ...
|