eed in salt length of a PSS signature.
> - 'mgfhash' to feed in the hash function used for MGF.
>
> Signed-off-by: Varad Gautam
> CC: Jarkko Sakkinen
> CC: Ben Boeckel
> ---
> v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
>
>
On Thu, Apr 08, 2021 at 16:15:16 +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length and the mgf hash function.
>
> Add parameters:
> - 'slen' to feed in salt length of a PSS
On Sat, Feb 20, 2021 at 05:09:07 +0200, Jarkko Sakkinen wrote:
> Something popped into mind: could we make PCR 23 reservation dynamic
> instead of a config option.
>
> E.g. if the user space uses it, then it's dirty and hibernate will
> fail. I really dislike the static compilation time firewall
On Wed, Jan 13, 2021 at 10:57:58 -0500, Ben Boeckel wrote:
> > Cc: sta...@vger.kernel.org # 5.6.x
>
> Note that keyutils is not in the kernel, so I don't know how useful this
> is.
Scratch that; I remember a similar patch for keyutils; this is for the
kernel.
--Ben
On Wed, Jan 13, 2021 at 13:49:12 +0100, Rolf Eike Beer wrote:
> Otherwise build fails if the headers are not in the default location. While at
> it also ask pkg-config for the libs, with fallback to the existing value.
>
> Signed-off-by: Rolf Eike Beer
Reviewed-by: Ben Boeckel
://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
1-16 LGTM (modulo the typo in patch 7's commit message). 17 and 18 are
outside my knowledge right now.
Reviewed-by: Ben Boeckel
--Ben
On Wed, Dec 09, 2020 at 12:15:19 +, David Howells wrote:
> From: Tom Rix
>
> Reviewing use of memset in keyctrl_pkey.c
Typo: `keyctl_pkey.c`
--Ben
_keys/asymmetric_type.c:160: warning: Excess function
> parameter 'kid_2' description in 'asymmetric_key_id_same'
>
> Signed-off-by: Krzysztof Kozlowski
> Acked-by: Randy Dunlap
Reviewed-by: Ben Boeckel
--Ben
On Tue, Oct 20, 2020 at 14:50:01 +0800, Lee, Chun-Yi wrote:
> +config CHECK_CODESIGN_EKU
> + bool "Check codeSigning extended key usage"
> + depends on PKCS7_MESSAGE_PARSER=y
> + depends on SYSTEM_DATA_VERIFICATION
> + help
> + This option provides support for checking the
On Mon, Aug 24, 2020 at 16:27:32 +0100, David Howells wrote:
> Ben Boeckel wrote:
>
> > > +In the case of message loss,
> > > +.BR read (2)
> > > +will fabricate a loss message and pass that to userspace immediately
> > > after the
> > > +poi
On Fri, Aug 07, 2020 at 16:06:16 +0100, David Howells wrote:
> Add a manual page for the notifications/watch_queue facility.
>
> Signed-off-by: David Howells
> ---
>
> man7/watch_queue.7 | 285
>
> 1 file changed, 285 insertions(+)
>
s! Looks good to me.
Reviewed-by: Ben Boeckel
--Ben
On Tue, May 19, 2020 at 14:39:40 +0100, David Howells wrote:
> Ben Boeckel wrote:
> > Is there precedent for this config file format?
>
> Okay, I can change it to:
>
> default_ttl =
>
> and strip spaces all over the place.
Thanks. This is at least a subset
On Mon, May 18, 2020 at 15:22:45 +0100, David Howells wrote:
> Address records obtained from getaddrinfo() don't come with any TTL
> information, even if they're obtained from the DNS, with the result that
> key.dns_resolver upcall program doesn't set an expiry time on dns_resolver
> records
From: Ben Boeckel
This argument was just never documented in the first place.
Signed-off-by: Ben Boeckel
---
Documentation/security/keys/core.rst | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Documentation/security/keys/core.rst
b/Documentation/security/keys
From: Ben Boeckel
This is the way the code parses the arguments and libkeyutils calls the
syscall.
Note on the email split: I'm still in the process of migrating emails
for various usages hence the email From mismatch here (I've migrated my
list subscription, but not my general contribution
", options_NOENCRYPT,
> strlen(options_NOENCRYPT), KEY_SPEC_THREAD_KEYRING);
Thanks. Looks good to me.
Reviewed-by: Ben Boeckel
--Ben
On Mon, Aug 05, 2019 at 13:31:02 -0700, Alison Schofield wrote:
> It's not currently checked, but should be.
> I'll add it as shown above.
> Thanks for the review,
Thanks. Seeing how this works elsewhere now, feel free to add my review
with the proposed check to the new patch.
Reviewe
On Wed, Jul 31, 2019 at 18:07:39 +0300, Kirill A. Shutemov wrote:
> From: Alison Schofield
> +/* Make sure arguments are correct for the TYPE of key requested */
> +static int mktme_check_options(u32 *payload, unsigned long token_mask,
> +enum mktme_type type, enum
On Wed, Jul 31, 2019 at 18:08:11 +0300, Kirill A. Shutemov wrote:
> + key = add_key("mktme", "name", "no-encrypt", strlen(options_CPU),
> + KEY_SPEC_THREAD_KEYRING);
Should this be `type=no-encrypt` here? Also, seems like copy/paste from
the `type=cpu` case for the `strlen`