* [PATCH 0/9] keys: Miscellaneous fixes
@ 2020-11-27 16:45 David Howells
2020-11-27 16:45 ` [PATCH 1/9] security: keys: Fix fall-through warnings for Clang David Howells
` (10 more replies)
0 siblings, 11 replies; 13+ messages in thread
From: David Howells @ 2020-11-27 16:45 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: James Morris, Krzysztof Kozlowski, Jarkko Sakkinen, Jann Horn,
Gabriel Krisman Bertazi, Jarkko Sakkinen, Alexander A. Klimov,
Ben Boeckel, linux-security-module, Denis Efremov, keyrings,
Gustavo A. R. Silva, Randy Dunlap, Tom Rix, Serge E. Hallyn,
dhowells, keyrings, linux-kernel
Hi Jarkko,
I've collected together a bunch of minor keyrings fixes, but I'm not sure
there's anything that can't wait for the next merge window.
The patches can be found on the following branch:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
David
---
Alexander A. Klimov (1):
encrypted-keys: Replace HTTP links with HTTPS ones
Denis Efremov (1):
security/keys: use kvfree_sensitive()
Gabriel Krisman Bertazi (1):
watch_queue: Drop references to /dev/watch_queue
Gustavo A. R. Silva (1):
security: keys: Fix fall-through warnings for Clang
Jann Horn (1):
keys: Remove outdated __user annotations
Krzysztof Kozlowski (1):
KEYS: asymmetric: Fix kerneldoc
Randy Dunlap (2):
security: keys: delete repeated words in comments
crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
Tom Rix (1):
KEYS: remove redundant memset
Documentation/security/keys/core.rst | 4 ++--
crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
include/keys/encrypted-type.h | 2 +-
samples/Kconfig | 2 +-
samples/watch_queue/watch_test.c | 2 +-
security/keys/Kconfig | 8 ++++----
security/keys/big_key.c | 9 +++------
security/keys/keyctl.c | 2 +-
security/keys/keyctl_pkey.c | 2 --
security/keys/keyring.c | 10 +++++-----
11 files changed, 24 insertions(+), 28 deletions(-)
* [PATCH 1/9] security: keys: Fix fall-through warnings for Clang
From: David Howells @ 2020-11-27 16:45 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Gustavo A. R. Silva, Jarkko Sakkinen, dhowells, keyrings, linux-kernel
From: Gustavo A. R. Silva <gustavoars@kernel.org>
In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
by explicitly adding a break statement instead of letting the code fall
through to the next case.
Link: https://github.com/KSPP/linux/issues/115
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
security/keys/process_keys.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 1fe8b934f656..e3d79a7b6db6 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -783,6 +783,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
need_perm != KEY_DEFER_PERM_CHECK)
goto invalid_key;
+ break;
case 0:
break;
}
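Review bot: the commit message should say that the break added after the "goto invalid_key;" check is not a functional change. The label it used to fall into, "case 0:", only executes "break;", so control flow is identical before and after, and stating that tells backport reviewers there is nothing to test beyond the warning.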
* [PATCH 2/9] keys: Remove outdated __user annotations
From: David Howells @ 2020-11-27 16:45 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Jann Horn, dhowells, keyrings, linux-kernel
From: Jann Horn <jannh@google.com>
When the semantics of the ->read() handlers were changed such that "buffer"
is a kernel pointer, some __user annotations survived.
Since they're wrong now, get rid of them.
Fixes: d3ec10aa9581 ("KEYS: Don't write out to userspace while holding key semaphore")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyring.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 14abfe765b7e..977066208387 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -452,7 +452,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
struct keyring_read_iterator_context {
size_t buflen;
size_t count;
- key_serial_t __user *buffer;
+ key_serial_t *buffer;
};
static int keyring_read_iterator(const void *object, void *data)
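Review bot: with __user dropped from "buffer" in struct keyring_read_iterator_context, the store done by keyring_read_iterator() has to be a plain kernel write. Its body is outside this hunk, so please confirm it does not go through put_user() or copy_to_user(); otherwise the annotation and the access method now disagree in the other direction.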
@@ -479,7 +479,7 @@ static int keyring_read_iterator(const void *object, void *data)
* times.
*/
static long keyring_read(const struct key *keyring,
- char __user *buffer, size_t buflen)
+ char *buffer, size_t buflen)
{
struct keyring_read_iterator_context ctx;
long ret;
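Review bot: only the tail of the comment above keyring_read() is visible in this hunk; if that comment still describes "buffer" as a userspace buffer, it needs updating in the same patch. The new "char *buffer" prototype itself is consistent with big_key_read(), which appears with the same signature in patch 4 of this series.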
@@ -491,7 +491,7 @@ static long keyring_read(const struct key *keyring,
/* Copy as many key IDs as fit into the buffer */
if (buffer && buflen) {
- ctx.buffer = (key_serial_t __user *)buffer;
+ ctx.buffer = (key_serial_t *)buffer;
ctx.buflen = buflen;
ctx.count = 0;
ret = assoc_array_iterate(&keyring->keys,
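Review bot: the cast "(key_serial_t *)buffer" on a char pointer relies on the caller's kernel buffer being suitably aligned for key_serial_t, and nothing in this hunk enforces or documents that. A short comment naming the assumption next to the "ctx.buffer = ..." assignment would make it reviewable.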
* [PATCH 3/9] watch_queue: Drop references to /dev/watch_queue
From: David Howells @ 2020-11-27 16:45 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Gabriel Krisman Bertazi, dhowells, keyrings, linux-kernel
From: Gabriel Krisman Bertazi <krisman@collabora.com>
The merged API doesn't use a watch_queue device, but instead relies on
pipes, so let the documentation reflect that.
Fixes: f7e47677e39a ("watch_queue: Add a key/keyring notification facility")
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
Documentation/security/keys/core.rst | 4 ++--
samples/Kconfig | 2 +-
samples/watch_queue/watch_test.c | 2 +-
security/keys/Kconfig | 8 ++++----
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index aa0081685ee1..b3ed5c581034 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1040,8 +1040,8 @@ The keyctl syscall functions are:
"key" is the ID of the key to be watched.
- "queue_fd" is a file descriptor referring to an open "/dev/watch_queue"
- which manages the buffer into which notifications will be delivered.
+ "queue_fd" is a file descriptor referring to an open pipe which
+ manages the buffer into which notifications will be delivered.
"filter" is either NULL to remove a watch or a filter specification to
indicate what events are required from the key.
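Review bot: "an open pipe" in the new queue_fd description is too loose. An ordinary pipe is not usable as a notification queue; the pipe has to be created with pipe2() and O_NOTIFICATION_PIPE. Suggest wording such as "an open pipe created with O_NOTIFICATION_PIPE" so readers do not pass a plain pipe() descriptor and then have to debug the resulting error.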
diff --git a/samples/Kconfig b/samples/Kconfig
index 0ed6e4d71d87..e76cdfc50e25 100644
--- a/samples/Kconfig
+++ b/samples/Kconfig
@@ -210,7 +210,7 @@ config SAMPLE_WATCHDOG
depends on CC_CAN_LINK
config SAMPLE_WATCH_QUEUE
- bool "Build example /dev/watch_queue notification consumer"
+ bool "Build example watch_queue notification API consumer"
depends on CC_CAN_LINK && HEADERS_INSTALL
help
Build example userspace program to use the new mount_notify(),
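Review bot: the help text kept as context still reads "to use the new mount_notify(),", which looks as stale as the /dev/watch_queue wording being replaced in the prompt. If the sample does not exercise a mount_notify() call, correct that line in this patch as well so the prompt and its help text agree.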
diff --git a/samples/watch_queue/watch_test.c b/samples/watch_queue/watch_test.c
index 46e618a897fe..8c6cb57d5cfc 100644
--- a/samples/watch_queue/watch_test.c
+++ b/samples/watch_queue/watch_test.c
@@ -1,5 +1,5 @@
// SPDX-License-Identifier: GPL-2.0
-/* Use /dev/watch_queue to watch for notifications.
+/* Use watch_queue API to watch for notifications.
*
* Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 83bc23409164..c161642a8484 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -119,7 +119,7 @@ config KEY_NOTIFICATIONS
bool "Provide key/keyring change notifications"
depends on KEYS && WATCH_QUEUE
help
- This option provides support for getting change notifications on keys
- and keyrings on which the caller has View permission. This makes use
- of the /dev/watch_queue misc device to handle the notification
- buffer and provides KEYCTL_WATCH_KEY to enable/disable watches.
+ This option provides support for getting change notifications
+ on keys and keyrings on which the caller has View permission.
+ This makes use of pipes to handle the notification buffer and
+ provides KEYCTL_WATCH_KEY to enable/disable watches.
* [PATCH 4/9] security/keys: use kvfree_sensitive()
From: David Howells @ 2020-11-27 16:45 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Denis Efremov, dhowells, keyrings, linux-kernel
From: Denis Efremov <efremov@linux.com>
Use kvfree_sensitive() instead of open-coding it.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
security/keys/big_key.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 691347dea3c1..d17e5f09eeb8 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -121,8 +121,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
*path = file->f_path;
path_get(path);
fput(file);
- memzero_explicit(buf, enclen);
- kvfree(buf);
+ kvfree_sensitive(buf, enclen);
} else {
/* Just store the data in a buffer */
void *data = kmalloc(datalen, GFP_KERNEL);
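Review bot: the length argument is what makes this equivalent. "kvfree_sensitive(buf, enclen)" wipes exactly enclen bytes, so it matches the removed memzero_explicit()/kvfree() pair only if buf was allocated with enclen. The allocation is outside the hunk; please confirm it, and state in the commit message that no functional change is intended.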
@@ -140,8 +139,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
err_enckey:
kfree_sensitive(enckey);
error:
- memzero_explicit(buf, enclen);
- kvfree(buf);
+ kvfree_sensitive(buf, enclen);
return ret;
}
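Review bot: at the "error:" label the new helper tolerates a NULL pointer, whereas the removed "memzero_explicit(buf, enclen);" would have written through it. If any jump to "error:" can happen before buf is allocated, that is a behaviour change and belongs in the commit message, which currently only says "instead of open-coding it".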
@@ -273,8 +271,7 @@ long big_key_read(const struct key *key, char *buffer, size_t buflen)
err_fput:
fput(file);
error:
- memzero_explicit(buf, enclen);
- kvfree(buf);
+ kvfree_sensitive(buf, enclen);
} else {
ret = datalen;
memcpy(buffer, key->payload.data[big_key_data], datalen);
* [PATCH 5/9] KEYS: asymmetric: Fix kerneldoc
From: David Howells @ 2020-11-27 16:46 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Krzysztof Kozlowski, Randy Dunlap, Ben Boeckel, Jarkko Sakkinen,
dhowells, keyrings, linux-kernel
From: Krzysztof Kozlowski <krzk@kernel.org>
Fix W=1 compile warnings (invalid kerneldoc):
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid1' not described in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid2' not described in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_1' description in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_2' description in 'asymmetric_key_id_same'
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Ben Boeckel <mathstuf@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
---
crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 33e77d846caa..ad8af3d70ac0 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -152,7 +152,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
/**
* asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
- * @kid_1, @kid_2: The key IDs to compare
+ * @kid1: The key ID to compare
+ * @kid2: The key ID to compare
*/
bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
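Review bot: @kid1 and @kid2 get the identical description "The key ID to compare", which silences the W=1 warning but tells the reader nothing about the two arguments. Suggest "The first key ID to compare" and "The second key ID to compare"; the summary line's "two asymmetric keys IDs" could become "two asymmetric key IDs" while the comment is being touched.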
@@ -168,7 +169,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
/**
* asymmetric_key_id_partial - Return true if two asymmetric keys IDs
* partially match
- * @kid_1, @kid_2: The key IDs to compare
+ * @kid1: The key ID to compare
+ * @kid2: The key ID to compare
*/
bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
* [PATCH 6/9] security: keys: delete repeated words in comments
From: David Howells @ 2020-11-27 16:46 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Randy Dunlap, keyrings, James Morris, Serge E. Hallyn,
linux-security-module, dhowells, keyrings, linux-kernel
From: Randy Dunlap <rdunlap@infradead.org>
Drop repeated words in comments.
{to, will, the}
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: keyrings@vger.kernel.org
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org
---
security/keys/keyctl.c | 2 +-
security/keys/keyring.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 61a614c21b9b..96a92a645216 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -506,7 +506,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
* keyring, otherwise replace the link to the matching key with a link to the
* new key.
*
- * The key must grant the caller Link permission and the the keyring must grant
+ * The key must grant the caller Link permission and the keyring must grant
* the caller Write permission. Furthermore, if an additional link is created,
* the keyring's quota will be extended.
*
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 977066208387..5e6a90760753 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -881,7 +881,7 @@ static bool search_nested_keyrings(struct key *keyring,
*
* Keys are matched to the type provided and are then filtered by the match
* function, which is given the description to use in any way it sees fit. The
- * match function may use any attributes of a key that it wishes to to
+ * match function may use any attributes of a key that it wishes to
* determine the match. Normally the match function from the key type would be
* used.
*
@@ -1204,7 +1204,7 @@ static int keyring_detect_cycle_iterator(const void *object,
}
/*
- * See if a cycle will will be created by inserting acyclic tree B in acyclic
+ * See if a cycle will be created by inserting acyclic tree B in acyclic
* tree A at the topmost level (ie: as a direct child of A).
*
* Since we are adding B to A at the top level, checking for cycles should just
* [PATCH 7/9] KEYS: remove redundant memset
From: David Howells @ 2020-11-27 16:46 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Tom Rix, dhowells, keyrings, linux-kernel
From: Tom Rix <trix@redhat.com>
Reviewing use of memset in keyctl_pkey.c
keyctl_pkey_params_get prologue code to set params up
memset(params, 0, sizeof(*params));
params->encoding = "raw";
keyctl_pkey_query has the same prologue
and calls keyctl_pkey_params_get.
So remove the prologue.
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyctl_pkey.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 931d8dfb4a7f..5de0d599a274 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -166,8 +166,6 @@ long keyctl_pkey_query(key_serial_t id,
struct kernel_pkey_query res;
long ret;
- memset(¶ms, 0, sizeof(params));
-
ret = keyctl_pkey_params_get(id, _info, ¶ms);
if (ret < 0)
goto error;
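Review bot: dropping the memset() in keyctl_pkey_query() makes params depend entirely on keyctl_pkey_params_get() initialising it before that function can fail. The "if (ret < 0) goto error;" path right after the call is where this matters: if the code at "error:" frees or reads fields of params, the callee's own memset must run ahead of every early return. The callee is not part of this hunk, so please state that ordering explicitly in the commit message.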
* [PATCH 8/9] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
From: David Howells @ 2020-11-27 16:46 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Randy Dunlap, keyrings, dhowells, keyrings, linux-kernel
From: Randy Dunlap <rdunlap@infradead.org>
Drop the doubled word "the" in a comment.
Change "THis" to "This".
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
---
crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
index 6565fdc2d4ca..e17f7ce4fb43 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.h
+++ b/crypto/asymmetric_keys/pkcs7_parser.h
@@ -41,10 +41,9 @@ struct pkcs7_signed_info {
*
* This contains the generated digest of _either_ the Content Data or
* the Authenticated Attributes [RFC2315 9.3]. If the latter, one of
- * the attributes contains the digest of the the Content Data within
- * it.
+ * the attributes contains the digest of the Content Data within it.
*
- * THis also contains the issuing cert serial number and issuer's name
+ * This also contains the issuing cert serial number and issuer's name
* [PKCS#7 or CMS ver 1] or issuing cert's SKID [CMS ver 3].
*/
struct public_key_signature *sig;
* [PATCH 9/9] encrypted-keys: Replace HTTP links with HTTPS ones
From: David Howells @ 2020-11-27 16:46 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Alexander A. Klimov, dhowells, keyrings, linux-kernel
From: Alexander A. Klimov <grandmaster@al2klimov.de>
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/keys/encrypted-type.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h
index 38afb341c3f2..abfcbe02001a 100644
--- a/include/keys/encrypted-type.h
+++ b/include/keys/encrypted-type.h
@@ -2,7 +2,7 @@
/*
* Copyright (C) 2010 IBM Corporation
* Copyright (C) 2010 Politecnico di Torino, Italy
- * TORSEC group -- http://security.polito.it
+ * TORSEC group -- https://security.polito.it
*
* Authors:
* Mimi Zohar <zohar@us.ibm.com>
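The link-selection rules from the "Deterministic algorithm" in the commit message above, as an added Python example that is not part of the patch or of the thread. The network comparison is replaced by a caller-supplied predicate, same_over_https (a hypothetical name), and testing the licence exemptions against the link rather than the whole line is an assumption.

```python
import re

# Patterns copied from the commit message's "Deterministic algorithm".
XMLNS = re.compile(r"\bxmlns\b")
LINK = re.compile(r"\bhttp://[^# \t\r\n]*(?:\w|/)")
EXEMPT = (
    re.compile(r"\bgnu\.org/license"),
    re.compile(r"\bmozilla\.org/MPL\b"),
)


def upgrade_line(filename, line, same_over_https):
    """Rewrite eligible http:// links in one line to https://.

    same_over_https(url) is a caller-supplied predicate (hypothetical name)
    that stands in for the network step: both schemes answer 200 OK and
    serve the same content. Keeping it injectable lets the filter rules be
    tested offline and fail closed when the check cannot be made.
    """
    if filename.endswith(".svg") or XMLNS.search(line):
        return line

    def replace(match):
        url = match.group(0)
        # Assumption: the licence exemptions are tested against the link.
        if any(pattern.search(url) for pattern in EXEMPT):
            return url
        try:
            verified = same_over_https(url)
        except Exception:
            verified = False  # unverifiable link: leave it untouched
        return "https://" + url[len("http://"):] if verified else url

    return LINK.sub(replace, line)


def upgrade_file(filename, text, same_over_https):
    """Apply upgrade_line to every line, preserving line endings."""
    return "".join(
        upgrade_line(filename, line, same_over_https)
        for line in text.splitlines(keepends=True)
    )


# Constructed sample input; only the TORSEC line comes from the patch.
VERIFIED = {"http://security.polito.it", "http://example.org/doc"}
SAMPLE = (
    " * TORSEC group -- http://security.polito.it\n"
    " * See http://example.org/doc. and http://unverified.example/x\n"
    " * License: http://www.gnu.org/licenses/gpl.html\n"
    ' * <svg xmlns="http://www.w3.org/2000/svg">\n'
)

if __name__ == "__main__":
    print(upgrade_file("encrypted-type.h", SAMPLE, VERIFIED.__contains__), end="")
```

The regular expression ends on a word character or a slash, so trailing punctuation such as the full stop after "doc" stays outside the rewritten link.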
* Re: [PATCH 0/9] keys: Miscellaneous fixes
From: Jarkko Sakkinen @ 2020-11-29 3:38 UTC (permalink / raw)
To: David Howells
Cc: Jarkko Sakkinen, James Morris, Krzysztof Kozlowski,
Jarkko Sakkinen, Jann Horn, Gabriel Krisman Bertazi,
Alexander A. Klimov, Ben Boeckel, linux-security-module,
Denis Efremov, keyrings, Gustavo A. R. Silva, Randy Dunlap,
Tom Rix, Serge E. Hallyn, linux-kernel
On Fri, Nov 27, 2020 at 04:45:24PM +0000, David Howells wrote:
>
> Hi Jarkko,
>
> I've collected together a bunch of minor keyrings fixes, but I'm not sure
> there's anything that can't wait for the next merge window.
>
> The patches can be found on the following branch:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
>
> David
I think that looks good, thank you. I'm sending PR next week. Should I
bundle those to that?
/Jarkko
> ---
> Alexander A. Klimov (1):
> encrypted-keys: Replace HTTP links with HTTPS ones
>
> Denis Efremov (1):
> security/keys: use kvfree_sensitive()
>
> Gabriel Krisman Bertazi (1):
> watch_queue: Drop references to /dev/watch_queue
>
> Gustavo A. R. Silva (1):
> security: keys: Fix fall-through warnings for Clang
>
> Jann Horn (1):
> keys: Remove outdated __user annotations
>
> Krzysztof Kozlowski (1):
> KEYS: asymmetric: Fix kerneldoc
>
> Randy Dunlap (2):
> security: keys: delete repeated words in comments
> crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
>
> Tom Rix (1):
> KEYS: remove redundant memset
>
>
> Documentation/security/keys/core.rst | 4 ++--
> crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
> crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
> include/keys/encrypted-type.h | 2 +-
> samples/Kconfig | 2 +-
> samples/watch_queue/watch_test.c | 2 +-
> security/keys/Kconfig | 8 ++++----
> security/keys/big_key.c | 9 +++------
> security/keys/keyctl.c | 2 +-
> security/keys/keyctl_pkey.c | 2 --
> security/keys/keyring.c | 10 +++++-----
> 11 files changed, 24 insertions(+), 28 deletions(-)
>
>
>
* Re: [PATCH 0/9] keys: Miscellaneous fixes
From: David Howells @ 2020-11-30 9:21 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: dhowells, Jarkko Sakkinen, James Morris, Krzysztof Kozlowski,
Jarkko Sakkinen, Jann Horn, Gabriel Krisman Bertazi,
Alexander A. Klimov, Ben Boeckel, linux-security-module,
Denis Efremov, keyrings, Gustavo A. R. Silva, Randy Dunlap,
Tom Rix, Serge E. Hallyn, linux-kernel
Jarkko Sakkinen <jarkko@kernel.org> wrote:
> I think that looks good, thank you. I'm sending PR next week. Should I
> bundle those to that?
I've updated the branch to include an ack from you, plus added the
semicolon-removal patch and a #include-removal patch.
You can try sending them on, though I don't think any of them are really
critical patches (and we are in -rc6).
David
* Re: [PATCH 0/9] keys: Miscellaneous fixes
From: Jarkko Sakkinen @ 2020-12-02 16:43 UTC (permalink / raw)
To: David Howells
Cc: Jarkko Sakkinen, James Morris, Krzysztof Kozlowski,
Jarkko Sakkinen, Jann Horn, Gabriel Krisman Bertazi,
Alexander A. Klimov, Ben Boeckel, linux-security-module,
Denis Efremov, keyrings, Gustavo A. R. Silva, Randy Dunlap,
Tom Rix, Serge E. Hallyn, linux-kernel
On Mon, Nov 30, 2020 at 09:21:32AM +0000, David Howells wrote:
> Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> > I think that looks good, thank you. I'm sending PR next week. Should I
> > bundle those to that?
>
> I've updated the branch to include an ack from you, plus added the
> semicolon-removal patch and a #include-removal patch.
>
> You can try sending them on, though I don't think any of them are really
> critical patches (and we are in -rc6).
>
> David
I think I'll pass then and focus on SGX for the time being. Getting that
to the mainline will release quite a lot of bandwidth, i.e. on average
the best way to go forward.
I'll test this patch set once we are in 5.11-rc1:
https://lore.kernel.org/keyrings/20201120180426.922572-1-mic@digikod.net/
/Jarkko