[GIT] Security subsystem updates for 3.3

[GIT] Security subsystem updates for 3.3

[James Morris]

The most significant change here is the addition of the digital signature 
verification API, for use by IMA, EVM and module loading.  The rest is 
general maintenance.

Please pull.


The following changes since commit 805a6af8dba5dfdd35ec35dc52ec0122400b2610:
  Linus Torvalds (1):
        Linux 3.2

are available in the git repository at:

  git://selinuxproject.org/~jmorris/linux-security for-linus

Andrew Morton (1):
      include/linux/security.h: fix security_inode_init_security() arg

Andy Shevchenko (1):
      selinuxfs: remove custom hex_to_bin()

Dan Carpenter (1):
      mpi/mpi-mpow: NULL dereference on allocation failure

David Howells (1):
      KEYS: Give key types their own lockdep class for key->sem

Dmitry Kasatkin (10):
      crypto: GnuPG based MPI lib - source files (part 1)
      crypto: GnuPG based MPI lib - header files (part 2)
      crypto: GnuPG based MPI lib - make files (part 3)
      crypto: GnuPG based MPI lib - additional sources (part 4)
      crypto: digital signature verification support
      integrity: digital signature verification using multiple keyrings
      evm: digital signature verification support
      digsig: build dependency fix
      evm: key must be set once during initialization
      evm: prevent racing during tfm allocation

Greg Kroah-Hartman (1):
      Security: tomoyo: add .gitignore file

James Morris (4):
      Merge branch 'master'; commit 'v3.2-rc2' into next
      Merge branch 'for-james' of git://github.com/srajiv/tpm into next
      Merge branch 'next-evm-digsig' of git://git.kernel.org/.../kasatkin/linux-digsig into next
      Merge branch 'next' into for-linus

Kees Cook (4):
      Documentation: clarify the purpose of LSMs
      apparmor: add missing rcu_dereference()
      tomoyo: add missing rcu_dereference()
      security: update security_file_mmap() docs

Rajiv Andrade (4):
      TPM: Use vendor specific function for status probe
      TPM: Export wait_for_stat for other vendor specific drivers
      TPM: NSC and TIS drivers X86 dependency fix
      TPM: fix transmit_cmd error logic

Roberto Sassu (2):
      ima: free duplicate measurement memory
      ima: fix invalid memory reference

Rusty Russell (1):
      apparmor: fix module parameter handling

Stefan Berger (5):
      tpm: Have tpm_get_timeouts return an error code
      tpm: Cleanup tpm_continue_selftest
      tpm: Introduce function to poll for result of self test
      tpm_tis: Check return code from getting timeouts/durations
      tpm_tis: add delay after aborting command

Thomas Meyer (1):
      selinux: Casting (void *) value returned by kmalloc is useless

 Documentation/digsig.txt               |   96 ++
 Documentation/security/00-INDEX        |    2 +
 Documentation/security/LSM.txt         |   34 +
 Documentation/security/credentials.txt |    6 +-
 drivers/char/tpm/Kconfig               |    2 +
 drivers/char/tpm/tpm.c                 |  137 +++-
 drivers/char/tpm/tpm.h                 |    9 +-
 drivers/char/tpm/tpm_tis.c             |   84 +--
 include/linux/digsig.h                 |   64 ++
 include/linux/key-type.h               |    1 +
 include/linux/mpi.h                    |  146 ++++
 include/linux/security.h               |    4 +-
 lib/Kconfig                            |   25 +
 lib/Makefile                           |    3 +
 lib/digsig.c                           |  284 ++++++
 lib/mpi/Makefile                       |   32 +
 lib/mpi/generic_mpi-asm-defs.h         |    4 +
 lib/mpi/generic_mpih-add1.c            |   61 ++
 lib/mpi/generic_mpih-lshift.c          |   63 ++
 lib/mpi/generic_mpih-mul1.c            |   57 ++
 lib/mpi/generic_mpih-mul2.c            |   60 ++
 lib/mpi/generic_mpih-mul3.c            |   61 ++
 lib/mpi/generic_mpih-rshift.c          |   63 ++
 lib/mpi/generic_mpih-sub1.c            |   60 ++
 lib/mpi/longlong.h                     | 1478 ++++++++++++++++++++++++++++++++
 lib/mpi/mpi-add.c                      |  234 +++++
 lib/mpi/mpi-bit.c                      |  236 +++++
 lib/mpi/mpi-cmp.c                      |   68 ++
 lib/mpi/mpi-div.c                      |  333 +++++++
 lib/mpi/mpi-gcd.c                      |   59 ++
 lib/mpi/mpi-inline.c                   |   31 +
 lib/mpi/mpi-inline.h                   |  122 +++
 lib/mpi/mpi-internal.h                 |  261 ++++++
 lib/mpi/mpi-inv.c                      |  187 ++++
 lib/mpi/mpi-mpow.c                     |  134 +++
 lib/mpi/mpi-mul.c                      |  194 +++++
 lib/mpi/mpi-pow.c                      |  323 +++++++
 lib/mpi/mpi-scan.c                     |  136 +++
 lib/mpi/mpicoder.c                     |  365 ++++++++
 lib/mpi/mpih-cmp.c                     |   56 ++
 lib/mpi/mpih-div.c                     |  541 ++++++++++++
 lib/mpi/mpih-mul.c                     |  527 ++++++++++++
 lib/mpi/mpiutil.c                      |  208 +++++
 security/apparmor/audit.c              |    2 +-
 security/apparmor/lsm.c                |    6 +-
 security/integrity/Kconfig             |   14 +
 security/integrity/Makefile            |    1 +
 security/integrity/digsig.c            |   48 +
 security/integrity/evm/evm.h           |   12 +
 security/integrity/evm/evm_crypto.c    |   76 ++-
 security/integrity/evm/evm_main.c      |   94 ++-
 security/integrity/ima/ima_api.c       |    4 +-
 security/integrity/ima/ima_queue.c     |   17 +-
 security/integrity/integrity.h         |   21 +
 security/keys/key.c                    |    3 +
 security/selinux/selinuxfs.c           |   14 +-
 security/selinux/ss/conditional.c      |    2 +-
 security/tomoyo/.gitignore             |    2 +
 security/tomoyo/common.h               |    2 +-
 59 files changed, 7026 insertions(+), 143 deletions(-)
 create mode 100644 Documentation/digsig.txt
 create mode 100644 Documentation/security/LSM.txt
 create mode 100644 include/linux/digsig.h
 create mode 100644 include/linux/mpi.h
 create mode 100644 lib/digsig.c
 create mode 100644 lib/mpi/Makefile
 create mode 100644 lib/mpi/generic_mpi-asm-defs.h
 create mode 100644 lib/mpi/generic_mpih-add1.c
 create mode 100644 lib/mpi/generic_mpih-lshift.c
 create mode 100644 lib/mpi/generic_mpih-mul1.c
 create mode 100644 lib/mpi/generic_mpih-mul2.c
 create mode 100644 lib/mpi/generic_mpih-mul3.c
 create mode 100644 lib/mpi/generic_mpih-rshift.c
 create mode 100644 lib/mpi/generic_mpih-sub1.c
 create mode 100644 lib/mpi/longlong.h
 create mode 100644 lib/mpi/mpi-add.c
 create mode 100644 lib/mpi/mpi-bit.c
 create mode 100644 lib/mpi/mpi-cmp.c
 create mode 100644 lib/mpi/mpi-div.c
 create mode 100644 lib/mpi/mpi-gcd.c
 create mode 100644 lib/mpi/mpi-inline.c
 create mode 100644 lib/mpi/mpi-inline.h
 create mode 100644 lib/mpi/mpi-internal.h
 create mode 100644 lib/mpi/mpi-inv.c
 create mode 100644 lib/mpi/mpi-mpow.c
 create mode 100644 lib/mpi/mpi-mul.c
 create mode 100644 lib/mpi/mpi-pow.c
 create mode 100644 lib/mpi/mpi-scan.c
 create mode 100644 lib/mpi/mpicoder.c
 create mode 100644 lib/mpi/mpih-cmp.c
 create mode 100644 lib/mpi/mpih-div.c
 create mode 100644 lib/mpi/mpih-mul.c
 create mode 100644 lib/mpi/mpiutil.c
 create mode 100644 security/integrity/digsig.c
 create mode 100644 security/tomoyo/.gitignore

Re: [GIT] Security subsystem updates for 3.3

[Linus Torvalds]

On Sun, Jan 8, 2012 at 6:22 PM, James Morris <jmorris@namei.org> wrote:
> The most significant change here is the addition of the digital signature
> verification API, for use by IMA, EVM and module loading.  The rest is
> general maintenance.

Hmm. The CONFIG_MPI/DIGSIG thing really should go away as a question,
I think. I'd expect modules that need it to select it, there's no
point in asking a user "do you want this enabled" afaik.

And "DIGSIG" is really a horrible config name. Did somebody run out of
letters suddenly? Is there some global letter shortage that I haven't
been told of and that we should do something about?

But I pulled it. Please do fix it up, though.

                    Linus

Re: [GIT] Security subsystem updates for 3.3

[James Morris]

On Tue, 10 Jan 2012, Linus Torvalds wrote:

> Hmm. The CONFIG_MPI/DIGSIG thing really should go away as a question,
> I think. I'd expect modules that need it to select it, there's no
> point in asking a user "do you want this enabled" afaik.

Ok.

> 
> And "DIGSIG" is really a horrible config name. Did somebody run out of
> letters suddenly? Is there some global letter shortage that I haven't
> been told of and that we should do something about?

Any objections to DIGITAL_SIGNATURE_API ?

> But I pulled it. Please do fix it up, though.

Thanks, will do.


- James
-- 
James Morris
<jmorris@namei.org>

Re: [GIT] Security subsystem updates for 3.3

[Sam Ravnborg]

> > 
> > And "DIGSIG" is really a horrible config name. Did somebody run out of
> > letters suddenly? Is there some global letter shortage that I haven't
> > been told of and that we should do something about?
> 
> Any objections to DIGITAL_SIGNATURE_API ?
Naming is always fun..

In general when applicable it is nice when config options are prefixed
whith something that indicate their relation ship.
But many config symbols fails to do so today - so no strong feeling.

	Sam

Re: [GIT] Security subsystem updates for 3.3

[Linus Torvalds]

On Tue, Jan 10, 2012 at 11:35 PM, James Morris <jmorris@namei.org> wrote:
>> And "DIGSIG" is really a horrible config name. Did somebody run out of
>> letters suddenly? Is there some global letter shortage that I haven't
>> been told of and that we should do something about?
>
> Any objections to DIGITAL_SIGNATURE_API ?

Sounds much better. Slightly more typing, but CONFIG_DIGSIG really
didn't tell me anything and sounded like some odd new device to me.

                          Linus

Re: [GIT] Security subsystem updates for 3.3

[Kasatkin, Dmitry]

On Wed, Jan 11, 2012 at 4:51 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, Jan 10, 2012 at 11:35 PM, James Morris <jmorris@namei.org> wrote:
>>> And "DIGSIG" is really a horrible config name. Did somebody run out of
>>> letters suddenly? Is there some global letter shortage that I haven't
>>> been told of and that we should do something about?
>>
>> Any objections to DIGITAL_SIGNATURE_API ?
>
> Sounds much better. Slightly more typing, but CONFIG_DIGSIG really
> didn't tell me anything and sounded like some odd new device to me.
>
>                          Linus

Would just DIGITAL_SIGNATURE be enough?

- Dmitry

Re: [GIT] Security subsystem updates for 3.3

[Linus Torvalds]

On Wed, Jan 11, 2012 at 7:15 AM, Kasatkin, Dmitry
<dmitry.kasatkin@intel.com> wrote:
>
> Would just DIGITAL_SIGNATURE be enough?

I'm certainly ok with that too. It still clearly talks about what it
is, rather than become something only somebody "in the know" knows
what it means.

                   Linus

Re: [GIT] Security subsystem updates for 3.3

[Pavel Machek]

> On Wed, Jan 11, 2012 at 4:51 PM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> > On Tue, Jan 10, 2012 at 11:35 PM, James Morris <jmorris@namei.org> wrote:
> >>> And "DIGSIG" is really a horrible config name. Did somebody run out of
> >>> letters suddenly? Is there some global letter shortage that I haven't
> >>> been told of and that we should do something about?
> >>
> >> Any objections to DIGITAL_SIGNATURE_API ?
> >
> > Sounds much better. Slightly more typing, but CONFIG_DIGSIG really
> > didn't tell me anything and sounded like some odd new device to me.
> >
> >                          Linus
> 
> Would just DIGITAL_SIGNATURE be enough?

Actually, "CONFIG_SIGNATURE" should be enough.

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html