From: Suniel Mahesh
This fixes the following coccinelle warning:
WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool.
return "false" instead of 0.
Signed-off-by: Suniel Mahesh
---
Changes for v3:
- Changed the commit log even more to give an accurate
description of the c
On Tue, Oct 17, 2017 at 5:06 PM, Russell King - ARM Linux
wrote:
> On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
>> Many users of kernel async. crypto services have a pattern of
>> starting an async. crypto op and then using a completion
>> to wait for it to end.
>>
>> This pat
On Wed, Oct 18, 2017 at 07:42:53AM +0530, suni...@techveda.org wrote:
> From: Suniel Mahesh
>
> Return "false" instead of 0.
>
> This fixes the following coccinelle warning:
> WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool.
So close! The order of problem description and
On Wed, Oct 18, 2017 at 07:40:14AM +0530, suni...@techveda.org wrote:
> From: Suniel Mahesh
>
> Comparison operator "equal to" not required on a variable
> "foo" of type "bool". Bool has only two values, can be used
> directly or with logical not.
>
> This fixes the following coccinelle warning
From: Suniel Mahesh
Return "false" instead of 0.
This fixes the following coccinelle warning:
WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool.
Signed-off-by: Suniel Mahesh
---
Changes for v2:
- Changed the commit log to give a more accurate description
of the changes
From: Suniel Mahesh
Comparison operator "equal to" not required on a variable
"foo" of type "bool". Bool has only two values, can be used
directly or with logical not.
This fixes the following coccinelle warning:
WARNING: Comparison of bool to 0/1
Signed-off-by: Suniel Mahesh
---
Changes for
A non-zero value is converted to 1 when assigned to a bool variable, so the
conditional operator in is_ima_appraise_enabled is redundant.
The value of a comparison operator is either 1 or 0 so the conditional
operator in ima_inode_setxattr is redundant as well.
Confirmed that the patch is correct
Superfluous parentheses just add clutter to the code, making it harder to
read and to understand.
In order to avoid churn and minimize conflicts with other patches from the
community, this patch only removes superfluous parentheses from lines that
are modified by other patches in this series.
Con
This patch removes unnecessary parentheses from all EVM and IMA files
not yet cleaned up by the previous patches.
It is separate from the previous one so that it can be easily dropped if
the churn and conflict potential is deemed not worth it.
Confirmed that the patch is correct by comparing the
The "goto out" statement doesn't have any purpose since there's no cleanup
to be done when returning early, so remove it. This also makes the rc
variable unnecessary so remove it as well.
Also, the xattr_len and fmt variables are redundant so remove them as well.
Signed-off-by: Thiago Jung Bauerm
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
Replace nested ifs in the EVM xattr verification logic with a switch
statement, making the code easier to understand.
Also, add comments to the if statements in the out section.
Signed-off-by: Mimi Zohar
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h | 5 +
ima_read_modsig will need it so that it can show an error message.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_policy.c | 12 ++--
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/security/integrity/ima/im
When module-style signatures appended at the end of files are supported for
IMA appraisal, the code will fall back to the xattr signature if the
appended one fails to verify.
The problem is that we don't know whether we need to fall back to the xattr
signature until the appraise step, and by then th
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/digsig.c| 28 +++-
security/integrity/integrity.h | 1 +
2 files changed
IMA will need to access the digest used in the signature so that it can
verify files containing module-style appended signatures. For this purpose,
add function pkcs7_get_message_sig.
It will also need to verify an already parsed PKCS#7 message. For this
purpose, add function verify_pkcs7_message_
This is the code needed by IMA-appraise to work with modsig signatures.
It will be used by the next patch.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/Kconfig | 3 +
security/integrity/ima/ima.h| 34 +++
security/integrity/ima/ima_modsig.c | 119 ++
This patch removes unnecessary parentheses from all EVM and IMA files
touched by this patch series.
The difference from the previous patch is that it cleans up the files as a
whole, not just the lines that were already going to be modified by other
patches. It is separate from the previous one so
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use validate_module_signat
Add modsig support for templates which require the contents of the file
signature to be included in the measurement list.
Suggested-by: Mimi Zohar
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h | 8
security/integrity/ima/ima_api.c | 8 +++
Even though struct evm_ima_xattr_data includes a fixed-size array to hold a
SHA1 digest, most of the code ignores the array and uses the struct to mean
"type indicator followed by data of unspecified size" and tracks the real
size of what the struct represents in a separate length variable.
The on
This patch introduces the modsig keyword to the IMA policy syntax to
specify that a given hook should expect the file to have the IMA signature
appended to it. Here is how it can be used in a rule:
appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig
With this rule, IMA will accept either
This patch actually implements the appraise_type=modsig option, allowing
IMA to read and verify modsig signatures
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h | 17 +++--
security/integrity/ima/ima_appraise.c | 119 --
security/i
The patch implementing modsig support will retry verifying the xattr
signature if the modsig verification fails, and if we have already passed
the modsig as the xattr_value we'll have problems if we pass the xattr sig
in the second call to evm_verifyxattr.
Since this is an optimization and not act
Hello,
The main highlight in this version is that it fixes a bug where the modsig
wasn't being included in the measurement list if the appraised file was
already measured by another rule. The fix is in the last patch.
Another change is that the last patch in the v4 series ("ima: Support
module-st
On 10/12/2017 11:55 AM, Colin King wrote:
From: Colin Ian King
Variable qim is assigned but never read, it is redundant and can
be removed.
Cleans up clang warning: Value stored to 'qim' is never read
Fixes: 4b394a232df7 ("crypto: ccp - Let a v5 CCP provide the same function as
v3")
Signed-o
On Tuesday, 17 October 2017, 09:58:31 CEST, Christophe LEROY wrote:
Hi Christophe,
>
> > If you tamper with the code shown above from libkcapi and set
> > alg_max_pages to a low value, the library reverts to sendmsg after the
> > given number of pages.
> Couldn't we get the libkcapi to splice
On 10/16/2017 08:51 AM, Andrey Ryabinin wrote:
> struct sha256_ctx_mgr allocated in sha256_mb_mod_init() via kzalloc()
> and later passed in sha256_mb_flusher_mgr_flush_avx2() function where
> instructions vmovdqa used to access the struct. vmovdqa requires
> 16-bytes aligned argument, but nothing
On Tue, 2017-10-17 at 08:14 +0200, Hannes Reinecke wrote:
> On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> > [ ... ]
> > void target_free_sgl(struct scatterlist *sgl, int nents)
> > {
> > - struct scatterlist *sg;
> > - int count;
> > -
> > - for_each_sg(sgl, sg, nents, count)
> > -
On Tue, 2017-10-17 at 08:21 +0200, Hannes Reinecke wrote:
> On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> > Signed-off-by: Bart Van Assche
> > Reviewed-by: Johannes Thumshirn
> > Cc: linux-s...@vger.kernel.org
> > Cc: Martin K. Petersen
> > Cc: Anil Ravindranath
> > ---
> > drivers/scsi/pmc
On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
> Many users of kernel async. crypto services have a pattern of
> starting an async. crypto op and then using a completion
> to wait for it to end.
>
> This patch set simplifies this common use case in two ways:
>
> First, by separ
On Tuesday, 17 October 2017, 10:51:06 CEST, Christophe LEROY wrote:
Hi Christophe,
>
> I've now tried a test with 1.0.0, and there seems to be another big
> issue: the error returned by sendmsg() is not taken into account anymore:
It seems that this bug was there before. Can you please check
On Tue, Oct 17, 2017 at 02:55:21PM +0300, Gilad Ben-Yossef wrote:
>
> Would you mind if we used ENOSPC instead of E2BIG?
>
> "No space left on device" seems more appropriate than
> "Argument list too long".
It's fine by me.
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~he
On Mon, Oct 16, 2017 at 09:09:53PM -0200, Paulo Flabiano Smorigo wrote:
> Tue, Sep 19, 2017 at 11:18:45AM +0800, Herbert Xu wrote:
> > Hi:
> >
> > I have received a report that ghash on ppc64le does not interoperate
> > with other implementations of ghash, e.g., on x86-64.
> >
> > https://bugzill
+ linux-accelerat...@lists.ozlabs.org
Seems sensible to have this email actually go to the new list so
at least it appears in the archive.
Sorry all, I should have thought of this before pressing send,
Jonathan
On Tue, 17 Oct 2017 13:48:10 +0100
Jonathan Cameron wrote:
> On Tue, 17 Oct 2017 1
On Tue, 17 Oct 2017 11:00:40 +1100
Andrew Donnellan wrote:
> On 17/10/17 01:07, Jonathan Cameron wrote:
> >
> >
> >>> So as ever with a linux community focusing on a particular topic, the
> >>> obvious solution is a mailing list. There are a number of options on how
> >>> do this.
> >>>
> >>>
On Sun, Oct 15, 2017 at 6:38 PM, Herbert Xu wrote:
>
> On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
> >
> > Changes from v8:
> > - Remove the translation of EAGAIN return code to the
> > previous return code of EBUSY for the user space
> > interface of algif as no one seem
Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW.
It uses the crypto framework asynchronous hash api.
It is based on omap-sham.c driver.
S5P has some HW differences and is not implemented.
Modifications in s5p-sss:
- Add hash supporting structures and functions.
- Modify irq hand
First patch cleans up spaces in defines, second adds HASH support for Exynos.
Changes:
version 7:
- fix ifdef into if(IS_ENABLED()) as suggested by Krzysztof Kozlowski
version 6:
- fixes suggested by Vladimir Zapolskiy: change HASH_OP enum into bool, fix
comments, change int into unsigned int i
change spaces into tabs in defines
Signed-off-by: Kamil Konieczny
---
drivers/crypto/s5p-sss.c | 190 +++
1 file changed, 95 insertions(+), 95 deletions(-)
diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c
index 7ac657f46d15..dfae1865c3
On 15/10/2017 at 11:20, Gilad Ben-Yossef wrote:
The talitos driver starts several async crypto ops and waits for their
completions. Move it over to generic code doing the same.
Signed-off-by: Gilad Ben-Yossef
Tested-by: Christophe Leroy
---
drivers/crypto/talitos.c | 38 +-
On 17.10.2017 12:07, Krzysztof Kozlowski wrote:
> On Mon, Oct 16, 2017 at 7:43 PM, Kamil Konieczny
> wrote:
>> Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW.
>>[...]
>> +#if IS_ENABLED(CONFIG_CRYPTO_DEV_EXYNOS_HASH)
>
> I missed that in v5 because you wrote it is fixed... but
On Mon, Oct 16, 2017 at 7:43 PM, Kamil Konieczny
wrote:
> Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW.
> It uses the crypto framework asynchronous hash api.
> It is based on omap-sham.c driver.
> S5P has some HW differences and is not implemented.
>
> Modifications in s5p-sss:
On Mon, Oct 16, 2017 at 7:43 PM, Kamil Konieczny
wrote:
> Change spaces into tabs in defines.
>
> Signed-off-by: Kamil Konieczny
> ---
> drivers/crypto/s5p-sss.c | 190
> +++
> 1 file changed, 95 insertions(+), 95 deletions(-)
>
Reviewed-by: Krzyszto
Thanks Bart,
Reviewed-by: Johannes Thumshirn
--
Johannes Thumshirn Storage
jthumsh...@suse.de  +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG
Hi Again Stephan
On 17/10/2017 at 09:58, Christophe LEROY wrote:
Hi Stephan,
On 16/10/2017 at 23:10, Stephan Mueller wrote:
On Monday, 16 October 2017, 08:53:00 CEST, Christophe LEROY wrote:
Hi Christophe,
Hi Stephan,
I get an issue with md5sum of a big file with kernel 4.9. I don't
Hi Stephan,
On 16/10/2017 at 23:10, Stephan Mueller wrote:
On Monday, 16 October 2017, 08:53:00 CEST, Christophe LEROY wrote:
Hi Christophe,
Hi Stephan,
I get an issue with md5sum of a big file with kernel 4.9. I don't get
that issue with kernel 4.13.
The key to the difference in libk