Check return value from call to of_match_device()
in order to prevent a NULL pointer dereference.
In case of NULL print error message and return -ENODEV
Signed-off-by: Gustavo A. R. Silva
---
drivers/crypto/bcm/cipher.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/crypto/bcm
Even though struct evm_ima_xattr_data includes a fixed-size array to hold a
SHA1 digest, most of the code ignores the array and uses the struct to mean
"type indicator followed by data of unspecified size" and tracks the real
size of what the struct represents in a separate length variable.
The on
Hello,
The main change in this version is that the process of first trying to
verify a modsig and then trying an xattr sig if the former fails is now done
in ima_appraise_measurement instead of process_measurement. As a result, the
changes needed in the latter are small.
This is possible because
Add function verify_pkcs7_message_signature which takes a struct
pkcs7_message for verification isntead of the raw bytes that
verify_pkcs7_signature takes.
This will be used by IMA to verify files with module-style appended
signatures.
Signed-off-by: Thiago Jung Bauermann
---
certs/system_keyri
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use validate_module_signat
When module-style signatures appended at the end of files are supported for
IMA appraisal, the code will fallback to the xattr signature if the
appended one fails to verify.
The problem is that we don't know whether we need to fallback to the xattr
signature until the appraise step, and by then th
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/digsig.c| 28 +++-
security/integrity/integrity.h | 1 +
2 files changed
This patch introduces the modsig keyword to the IMA policy syntax to
specify that a given hook should expect the file to have the IMA signature
appended to it. Here is how it can be used in a rule:
appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig
With this rule, IMA will accept either
fixed WARNING: Block comments should align the * on each line
fixed WARNINGs: Missing a blank line after declarations
fixed ERROR: space prohibited before that ',' (ctx:WxE)
Signed-off-by: Chris Gorman
---
drivers/crypto/geode-aes.c | 17 ++---
1 file changed, 10 insertions(+), 7 del
Since SP device driver supports multiples devices (e.g CCP, PSP), we
should not fail the driver init just because CCP device is not found.
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/sp-dev.c | 12
1 file changed, 12 deletions(-)
diff --git a/drivers/
The CCP device is part of the AMD Secure Processor. In order to expand
the usage of the AMD Secure Processor, create a framework that allows
functional components of the AMD Secure Processor to be initialized and
handled appropriately.
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
driv
CCP device initializes is now integerated into higher level SP device,
to avoid the confusion lets rename the ccp driver initialization files
(ccp-platform.c->sp-platform.c, ccp-pci.c->sp-pci.c). The patch does not
make any functional changes other than renaming file and structures
Signed-off-by:
Update pci and platform files to use devres interface to allocate the PCI
and iomap resources. Also add helper functions to consolicate module init,
exit and power mangagement code duplication.
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev-v3.c | 7 +++
d
CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor,
which is not dedicated solely to crypto. The AMD Secure Processor includes
CCP and PSP (Platform Secure Processor) devices.
This patch series adds a framework that allows functional component of the
AMD Secure Processor to be
The CCP and PSP devices part of AMD Secure Procesor may share the same
interrupt. Hence we expand the SP device to register a common interrupt
handler and provide functions to CCP and PSP devices to register their
interrupt callback which will be invoked upon interrupt.
Signed-off-by: Brijesh Sing
Hi Richard,
On 07/06/17 04:30 PM, Richard Weinberger wrote:
> Dave,
>
> On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote:
> > Documentation/networking/tls.txt | 135 +++
> > MAINTAINERS| 10 +
> > include/linux/socket.h | 1 +
> > include/net/inet
Dave,
On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote:
> Documentation/networking/tls.txt | 135 +++
> MAINTAINERS| 10 +
> include/linux/socket.h | 1 +
> include/net/inet_connection_sock.h | 4 +
> include/net/tcp.h | 27 ++
>
On 7/6/17 3:37 AM, kbuild test robot wrote:
> Hi Brijesh,
>
> [auto build test ERROR on cryptodev/master]
> [also build test ERROR on next-20170705]
> [cannot apply to v4.12]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> http
Hello Antoine Tenart,
The patch 1b44c5a60c13: "crypto: inside-secure - add SafeXcel EIP197
crypto engine driver" from May 24, 2017, leads to the following
static checker warning:
drivers/crypto/inside-secure/safexcel_hash.c:890
safexcel_hmac_sha1_setkey()
error: buffer overflow '
Hi Brijesh,
[auto build test ERROR on cryptodev/master]
[also build test ERROR on next-20170705]
[cannot apply to v4.12]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Brijesh-Singh/Introduce-AM
21 matches
Mail list logo
