Am 25.03.21 um 22:20 schrieb Stefan Metzmacher:
>
> Am 25.03.21 um 21:55 schrieb Eric W. Biederman:
>> Oleg Nesterov writes:
>>
>>> On 03/25, Linus Torvalds wrote:
>>>>
>>>> The whole "signals are very special for IO threads" th
Am 25.03.21 um 21:55 schrieb Eric W. Biederman:
> Oleg Nesterov writes:
>
>> On 03/25, Linus Torvalds wrote:
>>>
>>> The whole "signals are very special for IO threads" thing has caused
>>> so many problems, that maybe the solution is simply to _not_ make them
>>> special?
>>
>> Or may be IO
Am 24.03.21 um 16:34 schrieb Nicolas Saenz Julienne:
> Hi Stefan,
>
> On Wed, 2021-03-24 at 16:16 +0100, Stefan Wahren wrote:
>> Hi Nicolas,
>>
>> Am 22.03.21 um 19:58 schrieb Nicolas Saenz Julienne:
>>> From: Nicolas Saenz Julienne
>>>
>>> F
Am 25.03.21 um 14:38 schrieb Jens Axboe:
> On 3/25/21 6:11 AM, Stefan Metzmacher wrote:
>>
>> Am 25.03.21 um 13:04 schrieb Eric W. Biederman:
>>> Stefan Metzmacher writes:
>>>
>>>> Am 25.03.21 um 12:24 schrieb Sasha Levin:
>>>>&
Am 25.03.21 um 13:04 schrieb Eric W. Biederman:
> Stefan Metzmacher writes:
>
>> Am 25.03.21 um 12:24 schrieb Sasha Levin:
>>> From: "Eric W. Biederman"
>>>
>>> [ Upstream commit 4db4b1a0d1779dc159f7b87feb97030ec0b12597 ]
>>>
>&g
t; thread. Linux does allow this kind of behavior for regular threads, but
> it's really a compatability thing that we need not care about for the IO
> threads.
>
> Reported-by: Stefan Metzmacher
> Signed-off-by: Jens Axboe
> Signed-off-by: Sasha Levin
> ---
> kernel/sig
threads don't take
> signals in general, and have no means of flushing out a stop either.
>
> Longer term, we may want to look into allowing stop of these threads,
> as it relates to eg process freezing. For now, this prevents a spin
> issue if a SIGSTOP is delivered to the parent task.
&g
version.
Signed-off-by: Stefan Riedmueller
---
drivers/mtd/nand/raw/nand_bbt.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
index dced32a126d9..6e25a5ce5ba9 100644
--- a/drivers/mtd/nand/raw/nand_bbt.c
+++ b/drivers/mtd/nand
Hi Nicolas,
Am 22.03.21 um 19:58 schrieb Nicolas Saenz Julienne:
> From: Nicolas Saenz Julienne
>
> Force emmc2's frequency to 150MHz as the default 100MHz (set by FW)
> seems to interfere with the VPU clock when setup at frequencies bigger
> than 500MHz (a pretty common case). This ends up
ng remoteproc support between
> Linux on the main processor and whatever you have on the CM3. You can
> use RPMsg to send requests back and forth between Linux and the CM3. It
> can request that the shared parts of the packet processor are set up for it.
> Linux can tell it when the link comes up? It can request how the PHY auto-
> neg should be configured.
>
> Andrew
I would check this option.
Thanks,
Stefan.
who cannot use it?
>
> Andrew
I can add CM3 SRAM update into ethtool priv flag callback, so CM3 won't use
port till it was reserved to CM3.
Stefan.
_i.h| 5 +
> fs/fuse/inode.c | 7 +++
> fs/fuse/virtio_fs.c | 14 ++
> 3 files changed, 26 insertions(+)
Nice that FUSE already has max_pages :-).
Reviewed-by: Stefan Hajnoczi
signature.asc
Description: PGP signature
Am 22.03.21 um 07:50 schrieb Christoph Hellwig:
> On Mon, Mar 22, 2021 at 09:47:13AM +0300, Dan Carpenter wrote:
>> On Mon, Mar 22, 2021 at 02:13:41PM +0900, Namjae Jeon wrote:
>>> +static unsigned char
>>> +asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
>>> +{
>>> + if
Am 19.03.21 um 14:08 schrieb Jens Axboe:
> On 3/19/21 2:02 AM, Stefan Metzmacher wrote:
>>
>> Am 19.03.21 um 00:25 schrieb Jens Axboe:
>>> On 3/18/21 5:16 PM, Stephen Rothwell wrote:
>>>> Hi all,
>>>>
>>>> Commit
>>>>
&g
Am 19.03.21 um 00:25 schrieb Jens Axboe:
> On 3/18/21 5:16 PM, Stephen Rothwell wrote:
>> Hi all,
>>
>> Commit
>>
>> c2c6c067c050 ("io_uring: remove structures from include/linux/io_uring.h")
>>
>> is missing a Signed-off-by from its autho
_sys_finit_module+0xb5/0x120
> [<ad2f48c6>] do_syscall_64+0x33/0x40
> [<809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> Cc: sta...@vger.kernel.org
> Signed-off-by: Luis Henriques
> ---
> Changes since v1:
> - Use kfree() to free fs->vqs instead of calling virtio_fs_put()
>
> fs/fuse/virtio_fs.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Stefan Hajnoczi
signature.asc
Description: PGP signature
Herbert,
if you could queue patches 1-9 in a topic branch, that would be great!
Regards,
Stefan
On 3/16/21 5:07 PM, Stefan Berger wrote:
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support
certs/signing_key.*) when falling
back to building an older version of a kernel that only supports RSA
keys since otherwise ECDSA-signed modules will not be usable when that
older kernel runs and the ECDSA key was still used for signing modules.
Signed-off-by: Stefan Berger
Reviewed-by: Mimi Zohar
- add OID_ansip384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
v10->v11:
- renamed OID_id_secp384r1 to OID_id_ansip384r1 (spec name)
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include/linux/oid_registry.h | 1 +
2 files changed, 4 insertions(+)
d
* crypto/testmgr.h
- add test vector params for P384(sha1, sha224, sha256, sha384
and sha512)
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157
type to be driven by the key's signature scheme rather
than by the hash type.
Cc: Dmitry Kasatkin
Cc: linux-integr...@vger.kernel.org
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Vitaly Chikunov
Reviewed-by: Tianjia Zhang
Acked-by: Mimi Zohar
:
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c | 266
ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
crypto/ecc.c| 2 ++
crypto/ecc_curve_defs.h | 32
include/crypto/ecdh.h | 1 +
3 files changed, 35 insertions(+)
diff --git
verification
is implemented.
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-cry...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v10->v11:
- Split off OID definitions for ECDSA with sha224/256/384/512
- Addressed Jarkko's comments
v8->v9:
- unregister nist_p192 curve if
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
Tested-by: Tianjia
/Using-Pkcs11-Device-(SoftHSM)-for-Signing-Linux-Kernel-Modules
Stefan and Saulo
v11->v12:
- Added Jarkko's Acked-by's
v10->v11:
- Addressed Jarkko's comments
- Split off OID definitions from first patch into own patch
- Renamed OID_id_secp384r1 to OID_id_ansip384r1 (spec name
Add OIDs for ECDSA with SHA224/256/384/512.
Signed-off-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
include/linux/oid_registry.h | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
- do not detect key algo us
wants to enable it or not for his platform.
For the main CM3 management port use case, security is not an issue since the
CM3 processor is secured by hardware in the device and its code is
authenticated.
Stefan.
> Hi Stefan
>
> Thanks for the strings change. Looks a lot better.
>
> Now i took a look at the bigger picture.
>
> > According to Armada SoC architecture and design, all the PPv2 ports
> > which are populated on the same communication processor silicon die
> &g
on(card, TCODE_WRITE_QUADLET_REQUEST,
> device->node_id, generation, device->max_speed,
> - CSR_REGISTER_BASE + CSR_BROADCAST_CHANNEL,
> + CSR_REGISTER_BASE | CSR_BROADCAST_CHANNEL,
>
On Thu, Mar 11, 2021 at 7:33 PM Yu, Yu-cheng wrote:
>
> On 3/11/2021 9:17 AM, Stefan Puiu wrote:
> > Hi,
> >
> > My 2 cents below.
> >
> > On Tue, Mar 9, 2021, 16:33 Borislav Petkov > <mailto:b...@alien8.de>> wrote:
> >
> >
On 3/10/21 6:24 PM, Jarkko Sakkinen wrote:
On Thu, Mar 11, 2021 at 01:21:47AM +0200, Jarkko Sakkinen wrote:
On Wed, Mar 10, 2021 at 05:19:14PM -0500, Stefan Berger wrote:
When tpm_read_log_efi is called multiple times, which happens when
one loads and unloads a TPM2 driver multiple times
> > From: Stefan Chulski
> >
> > According to Armada SoC architecture and design, all the PPv2 ports
> > which are populated on the same communication processor silicon die
> > (CP11x) share the same Classifier and Parser engines.
> >
> > Ar
:35:12 hibinst kernel: worker_thread+0x53/0x3e0
Mar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/efi.c | 29 +
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/char/tpm
pport for event log pointer found in TPM2 ACPI
table")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/acpi.c | 33 +++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/ac
river for supporting multiple emulated TPMs")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/common.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/char/tpm/eventlog/common.c
b/drivers/char/tpm/eventlog/common.c
index 7460f230bae4..8512ec76d526 100644
--- a/drivers/char/tp
This series of patches fixes a couple of issues related to TPM2
event logs, such as the disappearance of the TPM2 log on QEMU machines
running with UEFI (my fault) and a kernel fault due to an integer under-
flow when reading the TPM 2 log multiple times.
Regards,
Stefan
v1->v2:
- Revi
On 3/10/21 10:35 AM, Jarkko Sakkinen wrote:
On Fri, Mar 05, 2021 at 03:59:47PM -0500, Stefan Berger wrote:
From: Stefan Berger
Add OIDs for ECDSA with sha224/256/384/512.
Nit: SHA224/256/384/512 (sorry cannot help myself with these, have been
doing this way too much, consider me as a bot
> -Original Message-
> From: Andrew Lunn
> Sent: Wednesday, March 10, 2021 5:51 PM
> To: Stefan Chulski
> Cc: net...@vger.kernel.org; thomas.petazz...@bootlin.com;
> da...@davemloft.net; Nadav Haklai ; Yan
> Markman ; linux-kernel@vger.kernel.org;
pport for event log pointer found in TPM2 ACPI
table")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/acpi.c | 31 ++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/ac
river for supporting multiple emulated TPMs")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/common.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/char/tpm/eventlog/common.c
b/drivers/char/tpm/eventlog/common.c
index 7460f230bae4..8512ec76d526 100644
--- a/drivers/char/tp
/0x370
Mar 8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0
Mar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/efi.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/char/tpm/eventlog
This series of patches fixes a couple of issues related to TPM2
event logs, such as the disappearance of the TPM2 log on QEMU machines
running with UEFI (my fault) and a kernel fault due to an integer under-
flow when reading the TPM 2 log multiple times.
Regards,
Stefan
Stefan Berger (3
On 3/5/21 3:59 PM, Stefan Berger wrote:
diff --git a/crypto/Kconfig b/crypto/Kconfig
index a367fcfeb5d4..a31df40591f5 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -247,6 +247,16 @@ config CRYPTO_ECDH
help
Generic implementation of the ECDH algorithm
@@ -70,6 +72,30
Am 08.03.21 um 12:11 schrieb David Laight:
> From: Stefan Metzmacher
>> Sent: 07 March 2021 11:35
>>
>> Hi André,
>>> ** The wait on multiple problem
>>>
>>> The use case lies in the Wine implementation of the Windows NT interface
>>&g
Am 07.03.21 um 12:56 schrieb Daurnimator:
> On Sun, 7 Mar 2021 at 22:35, Stefan Metzmacher wrote:
>> Instead of having a blocked futex_waitv() waiting on an fd (maybe a generic
>> eventfd() or a new futex2fd())
>> would be a better interface?
>
> Like bring back F
ey->tfm[i])
+ if (!IS_ERR_OR_NULL(key->tfm[i]))
crypto_free_aead(key->tfm[i]);
kfree_sensitive(key);
Alex, are you happy with this patch now? I would like to get it applied.
Waiting for your review or ack given you had comments on the first version.
regards
Stefan Schmidt
Hi André,
> ** The wait on multiple problem
>
> The use case lies in the Wine implementation of the Windows NT interface
> WaitMultipleObjects. This Windows API function allows a thread to sleep
> waiting on the first of a set of event sources (mutexes, timers, signal,
> console input,
On 3/6/21 7:03 PM, Vitaly Chikunov wrote:
Stefan,
On Sat, Mar 06, 2021 at 06:29:18PM -0500, Stefan Berger wrote:
On 3/6/21 2:25 PM, Vitaly Chikunov wrote:
On Thu, Mar 04, 2021 at 07:51:57PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
On 3/6/21 2:25 PM, Vitaly Chikunov wrote:
Stefan,
On Thu, Mar 04, 2021 at 07:51:57PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add
Thanks for looking into this. I am fine with the SPDX identifier.
Regards,
Stefan
- add OID_ansip384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
v10->v11:
- renamed OID_id_secp384r1 to OID_id_ansip384r1 (spec name)
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include/linux/oid_registry.h | 1 +
2 files changed, 4 insertions(+)
d
From: Stefan Berger
Add OIDs for ECDSA with sha224/256/384/512.
Signed-off-by: Stefan Berger
---
include/linux/oid_registry.h | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd..b504e2f36b25
From: Stefan Berger
Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has to
manually delete
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c| 2 ++
crypto/ecc_curve_defs.h | 32
include/crypto/ecdh.h | 1 +
3 files changed, 35 insertions(+)
diff --git a/crypto/ecc.c b/crypto
* crypto/testmgr.h
- add test vector params for P384(sha1, sha224, sha256, sha384
and sha512)
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3
:
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c | 266
From: Stefan Berger
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
- do not det
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
On 3/5/21 12:10 PM, Jarkko Sakkinen wrote:
On Thu, Mar 04, 2021 at 07:51:58PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecdsa.c
- add ecdsa_nist_p384_init_tfm
- register and unregister P384 tfm
* crypto/testmgr.c
- add test vector for P384 on vector of tests
On 3/5/21 12:16 PM, Jarkko Sakkinen wrote:
On Thu, Mar 04, 2021 at 07:51:59PM -0500, Stefan Berger wrote:
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which
On 3/5/21 2:37 AM, Tianjia Zhang wrote:
Hi,
On 3/4/21 7:46 AM, Stefan Berger wrote:
Tianjia,
can you say whether SM2 support works for you before and after
applying this patch? I cannot verify it with an sm2 key I have
created using a sequence of commands like this:
> modpr
Herbert,
you can take patches 1-8. 9 will not apply without Nayna's series as
mentioned in the patch.
Regards,
Stefan
On 3/4/21 7:51 PM, Stefan Berger wrote:
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256
-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3 files changed, 195 insertions(+), 1 deletion(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 04fbb3d2abc5
From: Saulo Alessandre
* crypto/asymmetric_keys/x509_cert_parser.c
- prepare x509 parser to load nist_secp384r1
* include/linux/oid_registry.h
- add OID_id_secp384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
* crypto/ecc.c
- change ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c| 2 ++
crypto
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change
From: Stefan Berger
This patch adds support for using elliptic curve keys for signing
modules. It uses a NIST P384 (secp384r1) key if the user chooses an
elliptic curve key and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
-
On Wed, Mar 03, 2021 at 01:43:39PM +, Colin King wrote:
> From: Colin Ian King
>
> The variable ret is being initialized with a value that is never read
> and it is being updated later with a new value. The initialization is
> redundant and can be removed.
>
> Addresses-Coverity: ("Unused
On 3/4/21 12:28 AM, Herbert Xu wrote:
On Thu, Feb 25, 2021 at 11:07:59AM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
Maczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26
vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4
/mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/
MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB
eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio
On Tue, Mar 02, 2021 at 11:54:02AM +0100, Arnd Bergmann wrote:
> On Tue, Mar 2, 2021 at 10:51 AM Stefan Hajnoczi wrote:
> > On Tue, Mar 02, 2021 at 10:42:06AM +0800, Jie Deng wrote:
> > > > > +/*
> > > > > + * Definitions for virtio I2C Adpter
> > >
c(sizeof(*e) + request->length, GFP_KERNEL);
> if (e == NULL)
> return -ENOMEM;
There is already a length check for asynchronous stream requests.
It happens in ioctl_send_stream_packet().
--
Stefan Richter
-==--=-= --== ---=-
http://arcgraph.de/sr/
--
Greetings my beloved,
My name is Mrs.Julianna Stefan Ndoi,I am a deaf woman and also a cancer
patient who had decided to donate what I have to you for God's works. I
want to donate $8.5 million to you so that you will use part of the this
fund to help the poor ones,while you use the rest
> In particular, this structure looks like it is only ever usable between
> > the transfer functions in the driver itself, it is shared with neither
> > user space nor the virtio host side.
I agree. This struct is not part of the device interface. It's part of
the Linux driver implementation. This belongs inside the driver code and
not in include/uapi/ where public headers are located.
Stefan
signature.asc
Description: PGP signature
On 2/26/21 10:35 PM, yumeng wrote:
在 2021/2/26 0:08, Stefan Berger 写道:
From: Stefan Berger
diff --git a/certs/Makefile b/certs/Makefile
index 3fe6b73786fa..c487d7021c54 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -69,6 +69,18 @@ else
SIGNER = -signkey $(obj)/signing_key.key
Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c | 268 +--
crypto/ecc.h | 3 +-
2 files changed, 196 insertions(+), 75 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 25e79fd70566..c125576cda6b 100644
--- a/crypto/ecc.c
+++ b/crypto
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3 files changed, 195 insertions(+), 1 deletion(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 04fbb3d2abc5
From: Saulo Alessandre
* crypto/asymmetric_keys/x509_cert_parser.c
- prepare x509 parser to load nist_secp384r1
* include/linux/oid_registry.h
- add OID_id_secp384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc_curve_defs.h | 32
include/crypto/ecdh.h | 1 +
2 files
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change
From: Stefan Berger
This patch adds support for using elliptic curve keys for signing
modules. It uses a NIST P384 (secp384r1) key if the user chooses an
elliptic curve key and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
-
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added
at these?
Yes, I have it on my list. I will try to fix them at the weekend.
Great, thank you!
Thanks for handling these. Your first batch is reviewed and applied. I
will wait for the next round before I send a pull request to net.
regards
Stefan Schmidt
re this patch helps the consistency
and clarity of the code.
If you do go ahead, please update the blk_get_request() doc comment
explicitly mentioning that blk_mq_free_request() needs to be called.
Stefan
signature.asc
Description: PGP signature
patches over the weekend with my endless test tool
creating keys in user space and loading them into the kernel. It worked
fine for NIST p256 & p384. Also signing kernel modules with NIST p384 is
working fine.
So, for the series:
Tested-by: Stefan Berger
Regards,
Stefan
765625.000)Kibits/s
> rngtest: FIPS tests speed: (min=34.742; avg=39.905; max=66.458)Mibits/s
> rngtest: Program run time: 97829648 microseconds
>
> 1000 successes and 0 failures -> 100% success rate
>
> Signed-off-by: Álvaro Fernández Rojas
i just want to mention that th
On 2/19/21 11:52 AM, Mimi Zohar wrote:
On Fri, 2021-02-19 at 10:41 -0500, Stefan Berger wrote:
From: Stefan Berger
This patch adds support for using elliptic curve keys for signing
modules. It uses a NIST P256 (prime256v1) key if the user chooses an
elliptic curve key.
A developer choosing
101 - 200 of 12116 matches
Mail list logo