| #
4e8ae72a |
| 03-Mar-2016 |
David Howells <dhowells@redhat.com> |
X.509: Make algo identifiers text instead of enum
Make the identifier public key and digest algorithm fields text instead of
enum.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Herbe
X.509: Make algo identifiers text instead of enum
Make the identifier public key and digest algorithm fields text instead of
enum.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
| #
d43de6c7 |
| 03-Mar-2016 |
David Howells <dhowells@redhat.com> |
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key
subtype to the rsa crypto module's pkcs1pad template. This mea
akcipher: Move the RSA DER encoding check to the crypto layer
Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key
subtype to the rsa crypto module's pkcs1pad template. This means that the
public_key subtype no longer has any dependencies on public key type.
To make this work, the following changes have been made:
(1) The rsa pkcs1pad template is now used for RSA keys. This strips off the
padding and returns just the message hash.
(2) In a previous patch, the pkcs1pad template gained an optional second
parameter that, if given, specifies the hash used. We now give this,
and pkcs1pad checks the encoded message E(M) for the EMSA-PKCS1-v1_5
encoding and verifies that the correct digest OID is present.
(3) The crypto driver in crypto/asymmetric_keys/rsa.c is now reduced to
something that doesn't care about what the encryption actually does
and and has been merged into public_key.c.
(4) CONFIG_PUBLIC_KEY_ALGO_RSA is gone. Module signing must set
CONFIG_CRYPTO_RSA=y instead.
Thoughts:
(*) Should the encoding style (eg. raw, EMSA-PKCS1-v1_5) also be passed to
the padding template? Should there be multiple padding templates
registered that share most of the code?
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
| #
79e24da0 |
| 02-Mar-2016 |
Mark Brown <broonie@kernel.org> |
Merge branch 'topic/update-bits' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into asoc-rcar
|
|
Revision tags: v4.5-rc6 |
|
| #
e5451c8f |
| 23-Feb-2016 |
Laxman Dewangan <ldewangan@nvidia.com> |
Merge remote-tracking branch 'linusw-gpio/for-next' into devm_gpiochip
Base for demv_gpiochip_add_data() and devm_gpiochip_remove().
|
| #
8174b35f |
| 22-Feb-2016 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v4.5-rc5' into asoc-mtk
Linux 4.5-rc5
|
|
Revision tags: v4.5-rc5, v4.5-rc4, v4.5-rc3 |
|
| #
eb5798f2 |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David Howells <dhowells@redhat.com>
show more ...
|
| #
05fd934b |
| 12-Feb-2016 |
Daniel Vetter <daniel.vetter@ffwll.ch> |
Merge tag 'topic/drm-misc-2016-02-12' into drm-intel-next-queued
Backmerge to get at the new encoder_mask support in atomic helpers.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
|
| #
fcdcc796 |
| 09-Feb-2016 |
Mark Brown <broonie@kernel.org> |
Merge branch 'topic/acpi' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-pxa2xx
|
| #
f75516a8 |
| 09-Feb-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: keys - Revert "convert public key to akcipher api"
This needs to go through the security tree so I'm reverting the
patches for now.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| #
b349e9a9 |
| 08-Feb-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'x86/urgent' into x86/mm, to pick up dependent fix
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
| #
42bbaabb |
| 02-Feb-2016 |
Tadeusz Struk <tadeusz.struk@intel.com> |
integrity: convert digsig to akcipher api
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| #
03e075b3 |
| 03-Feb-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'linus' into efi/core, to refresh the branch and to pick up recent fixes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
Revision tags: v4.5-rc2 |
|
| #
76b36fa8 |
| 29-Jan-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v4.5-rc1' into x86/asm, to refresh the branch before merging new changes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
| #
7e3b1207 |
| 25-Jan-2016 |
Tony Lindgren <tony@atomide.com> |
Merge branch 'enable-devices' into omap-for-v4.5/fixes
|
| #
34bbea91 |
| 25-Jan-2016 |
Mauro Carvalho Chehab <mchehab@osg.samsung.com> |
Merge tag 'v4.5-rc1' into patchwork
Linux 4.5-rc1
* tag 'v4.5-rc1': (11309 commits)
Linux 4.5-rc1
ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
MAINTAINERS: Combine multiple te
Merge tag 'v4.5-rc1' into patchwork
Linux 4.5-rc1
* tag 'v4.5-rc1': (11309 commits)
Linux 4.5-rc1
ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
MAINTAINERS: Combine multiple telemetry entries
intel_telemetry_debugfs: Fix unused warnings in telemetry debugfs
vmstat: Remove BUG_ON from vmstat_update
MIPS: zboot: Add support for serial debug using the PROM
MIPS: zboot: Avoid useless rebuilds
MIPS: BMIPS: Enable ARCH_WANT_OPTIONAL_GPIOLIB
MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function
MIPS: bcm963xx: Update bcm_tag field image_sequence
MIPS: bcm963xx: Move extended flash address to bcm_tag header file
MIPS: bcm963xx: Move Broadcom BCM963xx image tag data structure
MIPS: bcm63xx: nvram: Use nvram structure definition from header file
MIPS: bcm963xx: Add Broadcom BCM963xx board nvram data structure
MAINTAINERS: Add KVM for MIPS entry
MIPS: KVM: Add missing newline to kvm_err()
MIPS: Move KVM specific opcodes into asm/inst.h
MIPS: KVM: Use cacheops.h definitions
MIPS: Break down cacheops.h definitions
MIPS: Use EXCCODE_ constants with set_except_vector()
...
show more ...
|
| #
b45efa30 |
| 02-Feb-2016 |
David S. Miller <davem@davemloft.net> |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
|
|
Revision tags: v4.5-rc1 |
|
| #
5807fcaa |
| 18-Jan-2016 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- EVM gains support for loading an x509 cert fro
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- EVM gains support for loading an x509 cert from the kernel
(EVM_LOAD_X509), into the EVM trusted kernel keyring.
- Smack implements 'file receive' process-based permission checking for
sockets, rather than just depending on inode checks.
- Misc enhancments for TPM & TPM2.
- Cleanups and bugfixes for SELinux, Keys, and IMA.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits)
selinux: Inode label revalidation performance fix
KEYS: refcount bug fix
ima: ima_write_policy() limit locking
IMA: policy can be updated zero times
selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()
selinux: export validatetrans decisions
gfs2: Invalid security labels of inodes when they go invalid
selinux: Revalidate invalid inode security labels
security: Add hook to invalidate inode security labels
selinux: Add accessor functions for inode->i_security
security: Make inode argument of inode_getsecid non-const
security: Make inode argument of inode_getsecurity non-const
selinux: Remove unused variable in selinux_inode_init_security
keys, trusted: seal with a TPM2 authorization policy
keys, trusted: select hash algorithm for TPM2 chips
keys, trusted: fix: *do not* allow duplicate key options
tpm_ibmvtpm: properly handle interrupted packet receptions
tpm_tis: Tighten IRQ auto-probing
tpm_tis: Refactor the interrupt setup
tpm_tis: Get rid of the duplicate IRQ probing code
...
show more ...
|
|
Revision tags: v4.4, v4.4-rc8, v4.4-rc7 |
|
| #
3cb92fe4 |
| 26-Dec-2015 |
James Morris <james.l.morris@oracle.com> |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
|
|
Revision tags: v4.4-rc6, v4.4-rc5, v4.4-rc4 |
|
| #
41c89b64 |
| 02-Dec-2015 |
Petko Manolov <petkan@mip-labs.com> |
IMA: create machine owner and blacklist keyrings
This option creates IMA MOK and blacklist keyrings. IMA MOK is an
intermediate keyring that sits between .system and .ima keyrings,
effectively form
IMA: create machine owner and blacklist keyrings
This option creates IMA MOK and blacklist keyrings. IMA MOK is an
intermediate keyring that sits between .system and .ima keyrings,
effectively forming a simple CA hierarchy. To successfully import a key
into .ima_mok it must be signed by a key which CA is in .system keyring.
On turn any key that needs to go in .ima keyring must be signed by CA in
either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot.
IMA blacklist keyring contains all revoked IMA keys. It is consulted
before any other keyring. If the search is successful the requested
operation is rejected and error is returned to the caller.
Signed-off-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
show more ...
|
|
Revision tags: v4.4-rc3, v4.4-rc2, v4.4-rc1, v4.3, v4.3-rc7, v4.3-rc6, v4.3-rc5, v4.3-rc4, v4.3-rc3, v4.3-rc2, v4.3-rc1, v4.2, v4.2-rc8, v4.2-rc7, v4.2-rc6, v4.2-rc5, v4.2-rc4, v4.2-rc3, v4.2-rc2, v4.2-rc1, v4.1, v4.1-rc8, v4.1-rc7, v4.1-rc6, v4.1-rc5, v4.1-rc4, v4.1-rc3, v4.1-rc2, v4.1-rc1, v4.0, v4.0-rc7, v4.0-rc6, v4.0-rc5, v4.0-rc4, v4.0-rc3, v4.0-rc2, v4.0-rc1 |
|
| #
4ba24fef |
| 10-Feb-2015 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare first round of input updates for 3.20.
|
|
Revision tags: v3.19, v3.19-rc7, v3.19-rc6, v3.19-rc5 |
|
| #
0c49cd29 |
| 15-Jan-2015 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v3.19-rc4' into next
Merge with mainline to bring in the latest thermal and other changes.
|
|
Revision tags: v3.19-rc4, v3.19-rc3, v3.19-rc2, v3.19-rc1, v3.18, v3.18-rc7, v3.18-rc6 |
|
| #
aeb8f932 |
| 23-Nov-2014 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
Merge remote-tracking branch 'wireless-next/master' into iwlwifi-next
|
| #
a0200108 |
| 20-Nov-2014 |
Jiri Kosina <jkosina@suse.cz> |
Merge Linus' tree to be be to apply submitted patches to newer code than
current trivial.git base
|
| #
760a52e8 |
| 18-Nov-2014 |
Johannes Berg <johannes.berg@intel.com> |
Merge remote-tracking branch 'wireless-next/master' into mac80211-next
This brings in some mwifiex changes that further patches will
need to work on top to not cause merge conflicts.
Signed-off-by:
Merge remote-tracking branch 'wireless-next/master' into mac80211-next
This brings in some mwifiex changes that further patches will
need to work on top to not cause merge conflicts.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
show more ...
|
|
Revision tags: v3.18-rc5 |
|
| #
890ca861 |
| 12-Nov-2014 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v3.18-rc4' into x86/cleanups, to refresh the tree before pulling new changes.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|