From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org
Cc: dhowells@redhat.com, "Jarkko Sakkinen" <jarkko@kernel.org>,
"Alexander A. Klimov" <grandmaster@al2klimov.de>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Alex Shi" <alex.shi@linux.alibaba.com>,
"Ben Boeckel" <mathstuf@gmail.com>,
"Denis Efremov" <efremov@linux.com>,
"Gabriel Krisman Bertazi" <krisman@collabora.com>,
"Jann Horn" <jannh@google.com>,
"Krzysztof Kozlowski" <krzk@kernel.org>,
"Mickaël Salaün" <mic@linux.microsoft.com>,
"Mimi Zohar" <zohar@linux.vnet.ibm.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
"Tom Rix" <trix@redhat.com>, YueHaibing <yuehaibing@huawei.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject:
Date: Wed, 10 Feb 2021 14:57:19 +0000
Message-ID: <1322700.1612969039@warthog.procyon.org.uk>

Hi Linus,

Here's a set of minor keyrings fixes/cleanups that I've collected from
various people for the upcoming merge window.

A couple of them might, in theory, be visible to userspace:

 (*) Make blacklist_vet_description() reject uppercase letters as they
     don't match the all-lowercase hex string generated for a blacklist
     search.

     This may want reconsideration in the future, but, currently, you can't
     add to the blacklist keyring from userspace and the only source of
     blacklist keys generates lowercase descriptions.

 (*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
     wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
     keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.

     This isn't currently a problem as the blacklist keyring isn't
     currently writable by userspace.

The rest of the patches are cleanups and I don't think they should have any
visible effect.

I've fixed the compilation error, added another patch and rebased to
v5.11-rc4 since the last request.

David
---
The following changes since commit 19c329f6808995b142b3966301f217c831e7cf31:

  Linux 5.11-rc4 (2021-01-17 16:37:05 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20210126

for you to fetch changes up to 8f0bfc25c907f38e7f9dc498e8f43000d77327ef:

  watch_queue: rectify kernel-doc for init_watch() (2021-01-26 11:16:34 +0000)

----------------------------------------------------------------
Keyrings miscellany

----------------------------------------------------------------
Alex Shi (2):
      PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
      certs/blacklist: fix kernel doc interface issue

Alexander A. Klimov (1):
      encrypted-keys: Replace HTTP links with HTTPS ones

David Howells (1):
      certs: Fix blacklist flag type confusion

Denis Efremov (1):
      security/keys: use kvfree_sensitive()

Gabriel Krisman Bertazi (1):
      watch_queue: Drop references to /dev/watch_queue

Gustavo A. R. Silva (1):
      security: keys: Fix fall-through warnings for Clang

Jann Horn (1):
      keys: Remove outdated __user annotations

Krzysztof Kozlowski (1):
      KEYS: asymmetric: Fix kerneldoc

Lukas Bulwahn (1):
      watch_queue: rectify kernel-doc for init_watch()

Mickaël Salaün (3):
      certs: Fix blacklisted hexadecimal hash string check
      PKCS#7: Fix missing include
      certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Randy Dunlap (2):
      security: keys: delete repeated words in comments
      crypto: asymmetric_keys: fix some comments in pkcs7_parser.h

Tianjia Zhang (1):
      crypto: public_key: Remove redundant header file from public_key.h

Tom Rix (2):
      KEYS: remove redundant memset
      keys: remove trailing semicolon in macro definition

YueHaibing (1):
      crypto: pkcs7: Use match_string() helper to simplify the code

 Documentation/security/keys/core.rst     |  4 ++--
 certs/blacklist.c                        | 10 +++++-----
 certs/system_keyring.c                   |  5 +++--
 crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
 crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
 crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
 crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
 include/crypto/public_key.h              |  1 -
 include/keys/encrypted-type.h            |  2 +-
 include/linux/key.h                      |  5 +++--
 include/linux/verification.h             |  2 ++
 kernel/watch_queue.c                     |  2 +-
 samples/Kconfig                          |  2 +-
 samples/watch_queue/watch_test.c         |  2 +-
 security/integrity/ima/ima_mok.c         |  5 ++---
 security/keys/Kconfig                    |  8 ++++----
 security/keys/big_key.c                  |  9 +++------
 security/keys/key.c                      |  2 ++
 security/keys/keyctl.c                   |  2 +-
 security/keys/keyctl_pkey.c              |  2 --
 security/keys/keyring.c                  | 10 +++++-----
 security/keys/process_keys.c             |  1 +
 22 files changed, 48 insertions(+), 48 deletions(-)
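
The first item in the message (uppercase hex never matching the lowercase search string) can be seen in a small userspace sketch. This is an added example, not code from the pull request or the kernel; the `type:hex` description layout, the `tbs` prefix, the even-length check and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the vetting rule: lowercase hex after ':'. */
static int vet_description(const char *desc)
{
	const char *p = strchr(desc, ':');
	size_t n = 0;

	if (!p || p == desc)
		return -1;		/* no colon, or empty type prefix */
	for (p++; *p; p++, n++) {
		unsigned char c = (unsigned char)*p;
		if (!isxdigit(c) || isupper(c))
			return -1;	/* non-hex, or uppercase A-F */
	}
	return (n == 0 || (n & 1)) ? -1 : 0;	/* assumed: whole bytes only */
}

/* Build the search string the way the message describes: all-lowercase hex. */
static void make_search_desc(const char *type, const unsigned char *hash,
			     size_t len, char *out, size_t outsz)
{
	int off = snprintf(out, outsz, "%s:", type);
	for (size_t i = 0; i < len && (size_t)off + 3 <= outsz; i++)
		off += snprintf(out + off, outsz - off, "%02x", hash[i]);
}

/* Exact, case-sensitive match over stored descriptions; 1 if blacklisted. */
static int is_blacklisted(const char *const *stored, size_t count,
			  const char *search)
{
	for (size_t i = 0; i < count; i++)
		if (strcmp(stored[i], search) == 0)
			return 1;
	return 0;
}

int main(void)
{
	const unsigned char hash[] = { 0xab, 0xcd, 0x12, 0xef }; /* constructed */
	const char *const upper[] = { "tbs:ABCD12EF" };	/* constructed entry */
	char search[64];
	make_search_desc("tbs", hash, sizeof(hash), search, sizeof(search));
	printf("search=%s hit=%d vet=%d\n", search,
	       is_blacklisted(upper, 1, search), vet_description(upper[0]));
	return 0;
}
```

An entry stored in uppercase is accepted by a case-insensitive hex check yet never blocks anything, which is why rejecting it at vetting time is the safer failure mode.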