* (no subject)
@ 2021-02-10 14:57 David Howells
From: David Howells @ 2021-02-10 14:57 UTC
To: torvalds
Cc: dhowells, Jarkko Sakkinen, Alexander A. Klimov,
Gustavo A. R. Silva, Alex Shi, Ben Boeckel, Denis Efremov,
Gabriel Krisman Bertazi, Jann Horn, Krzysztof Kozlowski,
Mickaël Salaün, Mimi Zohar, Randy Dunlap,
Tianjia Zhang, Tom Rix, YueHaibing, keyrings, linux-crypto,
linux-kernel, linux-security-module

Hi Linus,

Here's a set of minor keyrings fixes/cleanups that I've collected from
various people for the upcoming merge window.

A couple of them might, in theory, be visible to userspace:

 (*) Make blacklist_vet_description() reject uppercase letters as they
     don't match the all-lowercase hex string generated for a blacklist
     search.

     This may want reconsideration in the future, but, currently, you can't
     add to the blacklist keyring from userspace and the only source of
     blacklist keys generates lowercase descriptions.

 (*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
     wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
     keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.

     This isn't currently a problem as the blacklist keyring isn't
     currently writable by userspace.

The rest of the patches are cleanups and I don't think they should have any
visible effect.

I've fixed the compilation error, added another patch and rebased to
v5.11-rc4 since the last request.

David
---
The following changes since commit 19c329f6808995b142b3966301f217c831e7cf31:

  Linux 5.11-rc4 (2021-01-17 16:37:05 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20210126

for you to fetch changes up to 8f0bfc25c907f38e7f9dc498e8f43000d77327ef:

  watch_queue: rectify kernel-doc for init_watch() (2021-01-26 11:16:34 +0000)

----------------------------------------------------------------
Keyrings miscellany

----------------------------------------------------------------
Alex Shi (2):
      PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
      certs/blacklist: fix kernel doc interface issue

Alexander A. Klimov (1):
      encrypted-keys: Replace HTTP links with HTTPS ones

David Howells (1):
      certs: Fix blacklist flag type confusion

Denis Efremov (1):
      security/keys: use kvfree_sensitive()

Gabriel Krisman Bertazi (1):
      watch_queue: Drop references to /dev/watch_queue

Gustavo A. R. Silva (1):
      security: keys: Fix fall-through warnings for Clang

Jann Horn (1):
      keys: Remove outdated __user annotations

Krzysztof Kozlowski (1):
      KEYS: asymmetric: Fix kerneldoc

Lukas Bulwahn (1):
      watch_queue: rectify kernel-doc for init_watch()

Mickaël Salaün (3):
      certs: Fix blacklisted hexadecimal hash string check
      PKCS#7: Fix missing include
      certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Randy Dunlap (2):
      security: keys: delete repeated words in comments
      crypto: asymmetric_keys: fix some comments in pkcs7_parser.h

Tianjia Zhang (1):
      crypto: public_key: Remove redundant header file from public_key.h

Tom Rix (2):
      KEYS: remove redundant memset
      keys: remove trailing semicolon in macro definition

YueHaibing (1):
      crypto: pkcs7: Use match_string() helper to simplify the code

 Documentation/security/keys/core.rst     |  4 ++--
 certs/blacklist.c                        | 10 +++++-----
 certs/system_keyring.c                   |  5 +++--
 crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
 crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
 crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
 crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
 include/crypto/public_key.h              |  1 -
 include/keys/encrypted-type.h            |  2 +-
 include/linux/key.h                      |  5 +++--
 include/linux/verification.h             |  2 ++
 kernel/watch_queue.c                     |  2 +-
 samples/Kconfig                          |  2 +-
 samples/watch_queue/watch_test.c         |  2 +-
 security/integrity/ima/ima_mok.c         |  5 ++---
 security/keys/Kconfig                    |  8 ++++----
 security/keys/big_key.c                  |  9 +++------
 security/keys/key.c                      |  2 ++
 security/keys/keyctl.c                   |  2 +-
 security/keys/keyctl_pkey.c              |  2 --
 security/keys/keyring.c                  | 10 +++++-----
 security/keys/process_keys.c             |  1 +
 22 files changed, 48 insertions(+), 48 deletions(-)
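
The reasoning behind the lowercase-only check in the first (*) item above, as an added example that is not part of the original message and is not the kernel's code: a simplified model in which the search side renders a hash as lowercase hex and compares strings exactly, so an uppercase entry could never match. The function names, the 32-byte limit and the sample hash are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample digest; not a real blacklisted hash. */
static const unsigned char sample_hash[] = { 0xde, 0xad, 0xbe, 0xef };
/* Search side (hypothetical helper): render a hash as the all-lowercase
 * hex string used as the lookup description. */
static void hash_to_desc(const unsigned char *hash, size_t len, char *out)
{
	static const char digits[] = "0123456789abcdef";
	for (size_t i = 0; i < len; i++) {
		*out++ = digits[hash[i] >> 4];
		*out++ = digits[hash[i] & 0x0f];
	}
	*out = '\0';
}

/* Add side (hypothetical helper): accept only strings hash_to_desc() could
 * have produced: non-empty, even length, characters 0-9 and a-f only. */
static bool vet_hex_desc(const char *desc)
{
	size_t n = 0;
	for (; desc[n]; n++) {
		char c = desc[n];
		if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')))
			return false;
	}
	return n > 0 && (n & 1) == 0;
}

/* Lookup is an exact string comparison, so case matters. */
static bool entry_matches(const char *entry, const unsigned char *hash, size_t len)
{
	char desc[2 * 32 + 1];
	if (len > 32)
		return false;
	hash_to_desc(hash, len, desc);
	return strcmp(entry, desc) == 0;
}

int main(void)
{
	const char *entries[] = { "deadbeef", "DEADBEEF", "deadbee" };
	for (size_t i = 0; i < 3; i++)
		printf("%-8s vetted=%d matches=%d\n", entries[i], vet_hex_desc(entries[i]),
		       entry_matches(entries[i], sample_hash, sizeof(sample_hash)));
	return 0;
}
```

In this model an entry stored as "DEADBEEF" would sit in the list without ever matching a search for the same hash, which is why rejecting it when it is added is the safer behaviour.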