From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org
Cc: dhowells@redhat.com, "Jarkko Sakkinen" <jarkko@kernel.org>,
"Alexander A. Klimov" <grandmaster@al2klimov.de>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Alex Shi" <alex.shi@linux.alibaba.com>,
"Ben Boeckel" <mathstuf@gmail.com>,
"Denis Efremov" <efremov@linux.com>,
"Gabriel Krisman Bertazi" <krisman@collabora.com>,
"Jann Horn" <jannh@google.com>,
"Krzysztof Kozlowski" <krzk@kernel.org>,
"Mickaël Salaün" <mic@linux.microsoft.com>,
"Mimi Zohar" <zohar@linux.vnet.ibm.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
"Tom Rix" <trix@redhat.com>, YueHaibing <yuehaibing@huawei.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: [GIT PULL] keys: Collected minor fixes and cleanups
Date: Mon, 14 Dec 2020 10:03:06 +0000 [thread overview]
Message-ID: <2659836.1607940186@warthog.procyon.org.uk> (raw)
Hi Linus,
Here's a set of minor fixes/cleanups that I've collected from various
people for the next merge window.
A couple of them might, in theory, be visible to userspace:
(*) Make blacklist_vet_description() reject uppercase letters as they
don't match the all-lowercase hex string generated for a blacklist
search.
This may want reconsideration in the future, but, currently, you can't
add to the blacklist keyring from userspace and the only source of
blacklist keys generates lowercase descriptions.
(*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.
This isn't currently a problem as the blacklist keyring isn't
currently writable by userspace.
The rest of the patches are cleanups and I don't think they should have any
visible effect.
David
---
The following changes since commit 85a2c56cb4454c73f56d3099d96942e7919b292f:
Merge tag 'pm-5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm (2020-11-26 11:17:37 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20201214
for you to fetch changes up to 1b91ea77dfeb2c5924ab940f2e43177c78a37d8f:
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID (2020-12-10 09:24:43 +0000)
----------------------------------------------------------------
Keys fixes
----------------------------------------------------------------
Alex Shi (2):
PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
certs/blacklist: fix kernel doc interface issue
Alexander A. Klimov (1):
encrypted-keys: Replace HTTP links with HTTPS ones
David Howells (1):
certs: Fix blacklist flag type confusion
Denis Efremov (1):
security/keys: use kvfree_sensitive()
Gabriel Krisman Bertazi (1):
watch_queue: Drop references to /dev/watch_queue
Gustavo A. R. Silva (1):
security: keys: Fix fall-through warnings for Clang
Jann Horn (1):
keys: Remove outdated __user annotations
Krzysztof Kozlowski (1):
KEYS: asymmetric: Fix kerneldoc
Mickaël Salaün (3):
certs: Fix blacklisted hexadecimal hash string check
PKCS#7: Fix missing include
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
Randy Dunlap (2):
security: keys: delete repeated words in comments
crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
Tianjia Zhang (1):
crypto: public_key: Remove redundant header file from public_key.h
Tom Rix (2):
KEYS: remove redundant memset
keys: remove trailing semicolon in macro definition
YueHaibing (1):
crypto: pkcs7: Use match_string() helper to simplify the code
Documentation/security/keys/core.rst | 4 ++--
certs/blacklist.c | 10 +++++-----
certs/system_keyring.c | 5 +++--
crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
crypto/asymmetric_keys/pkcs7_trust.c | 2 +-
crypto/asymmetric_keys/pkcs7_verify.c | 9 ++++-----
include/crypto/public_key.h | 1 -
include/keys/encrypted-type.h | 2 +-
include/linux/key.h | 5 +++--
include/linux/verification.h | 2 ++
samples/Kconfig | 2 +-
samples/watch_queue/watch_test.c | 2 +-
security/integrity/ima/ima_mok.c | 3 +--
security/keys/Kconfig | 8 ++++----
security/keys/big_key.c | 9 +++------
security/keys/key.c | 2 ++
security/keys/keyctl.c | 2 +-
security/keys/keyctl_pkey.c | 2 --
security/keys/keyring.c | 10 +++++-----
security/keys/process_keys.c | 1 +
21 files changed, 46 insertions(+), 46 deletions(-)
next reply other threads:[~2020-12-14 10:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-14 10:03 David Howells [this message]
2020-12-14 20:49 ` [GIT PULL] keys: Collected minor fixes and cleanups Linus Torvalds
2020-12-14 21:05 ` Linus Torvalds
2020-12-14 21:40 ` Stephen Rothwell
2020-12-15 4:57 ` Jarkko Sakkinen
2021-02-10 14:59 David Howells
2021-02-24 0:32 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2659836.1607940186@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=alex.shi@linux.alibaba.com \
--cc=efremov@linux.com \
--cc=grandmaster@al2klimov.de \
--cc=gustavoars@kernel.org \
--cc=jannh@google.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=krisman@collabora.com \
--cc=krzk@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mathstuf@gmail.com \
--cc=mic@linux.microsoft.com \
--cc=rdunlap@infradead.org \
--cc=tianjia.zhang@linux.alibaba.com \
--cc=torvalds@linux-foundation.org \
--cc=trix@redhat.com \
--cc=yuehaibing@huawei.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.