From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: dhowells@redhat.com, d.kasatkin@samsung.com,
keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [GIT PULL] KEYS:
Date: Mon, 06 Oct 2014 18:25:56 +0100 [thread overview]
Message-ID: <4792.1412616356@warthog.procyon.org.uk> (raw)
Hi James,
Can you pull these fixes into your next branch?
(1) Handle error codes in pointers correctly so as not to crash.
(2) Fix the asymmetric key description to make module signature checking work
right (I changed the description to include the X.509 serial number, but
the module uses the subjectKeyId still).
(3) Bring back matching of keys based on partial matches on the auxiliary
IDs (required for IMA).
(4) Make the PGP fingerprint field in /proc/keys hold the tail end of the
SKID once again (if present).
(5) IMA needs to zero-pad the key ID it requests a match on because the hex
string will be rejected if it's not a multiple of two digits.
David
---
The following changes since commit c867d07e3c861e75509650b8a359351d634db93a:
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next (2014-10-02 19:47:23 +1000)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-fixes-20141006
for you to fetch changes up to 594081ee7145cc30a3977cb4e218f81213b63dc5:
integrity: do zero padding of the key id (2014-10-06 17:33:27 +0100)
----------------------------------------------------------------
(from the branch description for keys-next-fixes local branch)
clone of "keys-fixes"
Keyrings fixes for next
----------------------------------------------------------------
David Howells (1):
X.509: If available, use the raw subjKeyId to form the key description
Dmitry Kasatkin (6):
KEYS: handle error code encoded in pointer
KEYS: Restore partial ID matching functionality for asymmetric keys
KEYS: use swapped SKID for performing partial matching
KEYS: strip 'id:' from ca_keyid
KEYS: output last portion of fingerprint in /proc/keys
integrity: do zero padding of the key id
crypto/asymmetric_keys/asymmetric_keys.h | 3 --
crypto/asymmetric_keys/asymmetric_type.c | 84 +++++++++++++++++++++++--------
crypto/asymmetric_keys/pkcs7_trust.c | 9 ++--
crypto/asymmetric_keys/x509_cert_parser.c | 14 +++---
crypto/asymmetric_keys/x509_parser.h | 8 +--
crypto/asymmetric_keys/x509_public_key.c | 29 ++++++++---
include/crypto/public_key.h | 3 +-
include/keys/asymmetric-type.h | 3 ++
security/integrity/digsig_asymmetric.c | 2 +-
9 files changed, 110 insertions(+), 45 deletions(-)
next reply other threads:[~2014-10-06 17:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-06 17:25 David Howells [this message]
2014-10-07 4:58 ` [GIT PULL] KEYS: James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4792.1412616356@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=d.kasatkin@samsung.com \
--cc=jmorris@namei.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).