#
4e8ae72a |
| 03-Mar-2016 |
David Howells <dhowells@redhat.com> |
X.509: Make algo identifiers text instead of enum
Make the identifier public key and digest algorithm fields text instead of enum.
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Herbe
X.509: Make algo identifiers text instead of enum
Make the identifier public key and digest algorithm fields text instead of enum.
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
d43de6c7 |
| 03-Mar-2016 |
David Howells <dhowells@redhat.com> |
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module's pkcs1pad template. This mea
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module's pkcs1pad template. This means that the public_key subtype no longer has any dependencies on public key type.
To make this work, the following changes have been made:
(1) The rsa pkcs1pad template is now used for RSA keys. This strips off the padding and returns just the message hash.
(2) In a previous patch, the pkcs1pad template gained an optional second parameter that, if given, specifies the hash used. We now give this, and pkcs1pad checks the encoded message E(M) for the EMSA-PKCS1-v1_5 encoding and verifies that the correct digest OID is present.
(3) The crypto driver in crypto/asymmetric_keys/rsa.c is now reduced to something that doesn't care about what the encryption actually does and and has been merged into public_key.c.
(4) CONFIG_PUBLIC_KEY_ALGO_RSA is gone. Module signing must set CONFIG_CRYPTO_RSA=y instead.
Thoughts:
(*) Should the encoding style (eg. raw, EMSA-PKCS1-v1_5) also be passed to the padding template? Should there be multiple padding templates registered that share most of the code?
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
79e24da0 |
| 02-Mar-2016 |
Mark Brown <broonie@kernel.org> |
Merge branch 'topic/update-bits' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into asoc-rcar
|
Revision tags: v4.5-rc6 |
|
#
e5451c8f |
| 23-Feb-2016 |
Laxman Dewangan <ldewangan@nvidia.com> |
Merge remote-tracking branch 'linusw-gpio/for-next' into devm_gpiochip
Base for demv_gpiochip_add_data() and devm_gpiochip_remove().
|
#
8174b35f |
| 22-Feb-2016 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v4.5-rc5' into asoc-mtk
Linux 4.5-rc5
|
Revision tags: v4.5-rc5, v4.5-rc4, v4.5-rc3 |
|
#
eb5798f2 |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David Howells <dhowells@redhat.com>
show more ...
|
#
05fd934b |
| 12-Feb-2016 |
Daniel Vetter <daniel.vetter@ffwll.ch> |
Merge tag 'topic/drm-misc-2016-02-12' into drm-intel-next-queued
Backmerge to get at the new encoder_mask support in atomic helpers.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
|
#
fcdcc796 |
| 09-Feb-2016 |
Mark Brown <broonie@kernel.org> |
Merge branch 'topic/acpi' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-pxa2xx
|
#
f75516a8 |
| 09-Feb-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: keys - Revert "convert public key to akcipher api"
This needs to go through the security tree so I'm reverting the patches for now.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b349e9a9 |
| 08-Feb-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'x86/urgent' into x86/mm, to pick up dependent fix
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
42bbaabb |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
03e075b3 |
| 03-Feb-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'linus' into efi/core, to refresh the branch and to pick up recent fixes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
Revision tags: v4.5-rc2 |
|
#
76b36fa8 |
| 29-Jan-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v4.5-rc1' into x86/asm, to refresh the branch before merging new changes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
7e3b1207 |
| 25-Jan-2016 |
Tony Lindgren <tony@atomide.com> |
Merge branch 'enable-devices' into omap-for-v4.5/fixes
|
#
34bbea91 |
| 25-Jan-2016 |
Mauro Carvalho Chehab <mchehab@osg.samsung.com> |
Merge tag 'v4.5-rc1' into patchwork
Linux 4.5-rc1
* tag 'v4.5-rc1': (11309 commits) Linux 4.5-rc1 ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list MAINTAINERS: Combine multiple te
Merge tag 'v4.5-rc1' into patchwork
Linux 4.5-rc1
* tag 'v4.5-rc1': (11309 commits) Linux 4.5-rc1 ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list MAINTAINERS: Combine multiple telemetry entries intel_telemetry_debugfs: Fix unused warnings in telemetry debugfs vmstat: Remove BUG_ON from vmstat_update MIPS: zboot: Add support for serial debug using the PROM MIPS: zboot: Avoid useless rebuilds MIPS: BMIPS: Enable ARCH_WANT_OPTIONAL_GPIOLIB MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function MIPS: bcm963xx: Update bcm_tag field image_sequence MIPS: bcm963xx: Move extended flash address to bcm_tag header file MIPS: bcm963xx: Move Broadcom BCM963xx image tag data structure MIPS: bcm63xx: nvram: Use nvram structure definition from header file MIPS: bcm963xx: Add Broadcom BCM963xx board nvram data structure MAINTAINERS: Add KVM for MIPS entry MIPS: KVM: Add missing newline to kvm_err() MIPS: Move KVM specific opcodes into asm/inst.h MIPS: KVM: Use cacheops.h definitions MIPS: Break down cacheops.h definitions MIPS: Use EXCCODE_ constants with set_except_vector() ...
show more ...
|
#
b45efa30 |
| 02-Feb-2016 |
David S. Miller <davem@davemloft.net> |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
|
Revision tags: v4.5-rc1 |
|
#
5807fcaa |
| 18-Jan-2016 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- EVM gains support for loading an x509 cert fro
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- EVM gains support for loading an x509 cert from the kernel (EVM_LOAD_X509), into the EVM trusted kernel keyring.
- Smack implements 'file receive' process-based permission checking for sockets, rather than just depending on inode checks.
- Misc enhancments for TPM & TPM2.
- Cleanups and bugfixes for SELinux, Keys, and IMA.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits) selinux: Inode label revalidation performance fix KEYS: refcount bug fix ima: ima_write_policy() limit locking IMA: policy can be updated zero times selinux: rate-limit netlink message warnings in selinux_nlmsg_perm() selinux: export validatetrans decisions gfs2: Invalid security labels of inodes when they go invalid selinux: Revalidate invalid inode security labels security: Add hook to invalidate inode security labels selinux: Add accessor functions for inode->i_security security: Make inode argument of inode_getsecid non-const security: Make inode argument of inode_getsecurity non-const selinux: Remove unused variable in selinux_inode_init_security keys, trusted: seal with a TPM2 authorization policy keys, trusted: select hash algorithm for TPM2 chips keys, trusted: fix: *do not* allow duplicate key options tpm_ibmvtpm: properly handle interrupted packet receptions tpm_tis: Tighten IRQ auto-probing tpm_tis: Refactor the interrupt setup tpm_tis: Get rid of the duplicate IRQ probing code ...
show more ...
|
Revision tags: v4.4, v4.4-rc8, v4.4-rc7 |
|
#
3cb92fe4 |
| 26-Dec-2015 |
James Morris <james.l.morris@oracle.com> |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
|
Revision tags: v4.4-rc6, v4.4-rc5, v4.4-rc4 |
|
#
41c89b64 |
| 02-Dec-2015 |
Petko Manolov <petkan@mip-labs.com> |
IMA: create machine owner and blacklist keyrings
This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively form
IMA: create machine owner and blacklist keyrings
This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively forming a simple CA hierarchy. To successfully import a key into .ima_mok it must be signed by a key which CA is in .system keyring. On turn any key that needs to go in .ima keyring must be signed by CA in either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot.
IMA blacklist keyring contains all revoked IMA keys. It is consulted before any other keyring. If the search is successful the requested operation is rejected and error is returned to the caller.
Signed-off-by: Petko Manolov <petkan@mip-labs.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
show more ...
|
Revision tags: v4.4-rc3, v4.4-rc2, v4.4-rc1, v4.3, v4.3-rc7, v4.3-rc6, v4.3-rc5, v4.3-rc4, v4.3-rc3, v4.3-rc2, v4.3-rc1, v4.2, v4.2-rc8, v4.2-rc7, v4.2-rc6, v4.2-rc5, v4.2-rc4, v4.2-rc3, v4.2-rc2, v4.2-rc1, v4.1, v4.1-rc8, v4.1-rc7, v4.1-rc6, v4.1-rc5, v4.1-rc4, v4.1-rc3, v4.1-rc2, v4.1-rc1, v4.0, v4.0-rc7, v4.0-rc6, v4.0-rc5, v4.0-rc4, v4.0-rc3, v4.0-rc2, v4.0-rc1 |
|
#
4ba24fef |
| 10-Feb-2015 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare first round of input updates for 3.20.
|
Revision tags: v3.19, v3.19-rc7, v3.19-rc6, v3.19-rc5 |
|
#
0c49cd29 |
| 15-Jan-2015 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v3.19-rc4' into next
Merge with mainline to bring in the latest thermal and other changes.
|
Revision tags: v3.19-rc4, v3.19-rc3, v3.19-rc2, v3.19-rc1, v3.18, v3.18-rc7, v3.18-rc6 |
|
#
aeb8f932 |
| 23-Nov-2014 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
Merge remote-tracking branch 'wireless-next/master' into iwlwifi-next
|
#
a0200108 |
| 20-Nov-2014 |
Jiri Kosina <jkosina@suse.cz> |
Merge Linus' tree to be be to apply submitted patches to newer code than current trivial.git base
|
#
760a52e8 |
| 18-Nov-2014 |
Johannes Berg <johannes.berg@intel.com> |
Merge remote-tracking branch 'wireless-next/master' into mac80211-next
This brings in some mwifiex changes that further patches will need to work on top to not cause merge conflicts.
Signed-off-by:
Merge remote-tracking branch 'wireless-next/master' into mac80211-next
This brings in some mwifiex changes that further patches will need to work on top to not cause merge conflicts.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
show more ...
|
Revision tags: v3.18-rc5 |
|
#
890ca861 |
| 12-Nov-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v3.18-rc4' into x86/cleanups, to refresh the tree before pulling new changes.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|