On 11/01/2021 19:03, Borislav Petkov wrote:
> On Mon, Jan 11, 2021 at 06:51:59PM +0800, Tony W Wang-oc wrote:
>> This issue will be enhanced by hardware and patch submit will be pending.
>
> I have no clue what that has to do with your current patch... you might
> need to explain more verbosely.
>
On Thu, 14 Jan 2021 at 11:25, Reshetova, Elena
wrote:
>
> > > On Mon, Jan 04, 2021 at 08:04:15AM +, Reshetova, Elena wrote:
> > > > > 2. The OCS ECC HW does not support the NIST P-192 curve. We were
> > > > > planning
> > to
> > > > >add SW fallback for P-192 in the driver, but the Intel
The accelerated, instruction based implementations of SHA1, SHA2 and
SHA3 are autoloaded based on CPU capabilities, given that the code is
modest in size, and widely used, which means that resolving the algo
name, loading all compatible modules and picking the one with the
highest priority is taken
Hi Allen,
On Tue, Jan 12, 2021 at 07:16:45AM +0530, Allen Pais wrote:
> From: Allen Pais
>
> In preparation for unconditionally passing the
> struct tasklet_struct pointer to all tasklet
> callbacks, switch to using the new tasklet_setup()
> and from_tasklet() to pass the tasklet pointer explici
Hi Ignat,
On 13.01.2021 20:17, Ignat Korchagin wrote:
On some specific hardware on early boot we occasionally get
[ 1193.920255][T0] BUG: sleeping function called from invalid context at
mm/mempool.c:381
[ 1193.936616][T0] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid:
0, name
From: Mickaël Salaün
Add a kernel option SYSTEM_BLACKLIST_AUTH_UPDATE to enable the root user
to dynamically add new keys to the blacklist keyring. This enables to
invalidate new certificates, either from being loaded in a keyring, or
from being trusted in a PKCS#7 certificate chain. This also
From: Alex Shi
certs/blacklist.c:84: warning: Function parameter or member 'hash' not
described in 'mark_hash_blacklisted'
Cc: David Woodhouse
Cc: keyri...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Alex Shi
Signed-off-by: David Howells
Reviewed-by: Ben Boeckel
Signed-of
From: Mickaël Salaün
Add a new helper print-cert-tbs-hash.sh to generate a TBSCertificate
hash from a given certificate. This is useful to generate a blacklist
key description used to forbid loading a specific certificate in a
keyring, or to invalidate a certificate provided by a PKCS#7 file.
C
From: Mickaël Salaün
Add and use a check-blacklist-hashes.awk script to make sure that the
builtin blacklist hashes will be approved by the run time blacklist
description checks. This is useful to debug invalid hash formats, and
it makes sure that previous hashes which could have been loaded in t
From: Mickaël Salaün
Align with the new macros and add appropriate include files.
Cc: David Woodhouse
Signed-off-by: Mickaël Salaün
Signed-off-by: David Howells
---
Changes since v2:
* Cherry-pick v1 patch from
https://lore.kernel.org/lkml/2659836.1607940...@warthog.procyon.org.uk/
to re
From: Mickaël Salaün
When looking for a blacklisted hash, bin2hex() is used to transform a
binary hash to an ascii (lowercase) hexadecimal string. This string is
then searched for in the description of the keys from the blacklist
keyring. When adding a key to the blacklist keyring,
blacklist_vet_
From: Mickaël Salaün
Add missing linux/types.h for size_t.
[DH: Changed from stddef.h]
Signed-off-by: Mickaël Salaün
Signed-off-by: David Howells
Reviewed-by: Ben Boeckel
---
Changes since v2:
* Cherry-pick v1 patch from
https://lore.kernel.org/lkml/2659836.1607940...@warthog.procyon.org.
From: David Howells
KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(),
as these only take KEY_ALLOC_* flags. KEY_FLAG_KEEP has the same value as
KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update()
uses it. LSMs using the key_alloc hook don't check t
From: Mickaël Salaün
Factor out the blacklist hash creation with the get_raw_hash() helper.
This also centralizes the "tbs" and "bin" prefixes and makes them private,
which helps to manage them consistently.
Cc: David Howells
Cc: David S. Miller
Cc: David Woodhouse
Cc: Herbert Xu
Signed-off-by:
From: Mickaël Salaün
Before exposing this new key type to user space, make sure that only
meaningful blacklisted hashes are accepted. This is also checked for
builtin blacklisted hashes, but a following commit makes sure that the
user will notice (at build time) and will fix the configuration if
This third patch series includes back three fix patches taken from the first
series (and cherry-picked from David Howells's tree [1]), and one cosmetic fix
from Alex Shi which helps avoid future conflicts. I also added some Acked-by
and improved comments. As requested, this series is based on v5.
> > On Mon, Jan 04, 2021 at 08:04:15AM +, Reshetova, Elena wrote:
> > > > 2. The OCS ECC HW does not support the NIST P-192 curve. We were
> > > > planning
> to
> > > >add SW fallback for P-192 in the driver, but the Intel Crypto team
> > > >(which, internally, has to approve any code
On Sat, 19 Dec 2020 at 03:05, Herbert Xu wrote:
>
> On Fri, Dec 18, 2020 at 06:01:01PM +0100, Ard Biesheuvel wrote:
> >
> > Questions:
> > - what did I miss or break horribly?
> > - does any of this matter for RT? AIUI, RT runs softirqs from a dedicated
> > kthread, so I don't think it cares.
>