aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-01-17 19:43:39 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2012-01-17 19:43:39 -0500
commita25a2b84098eb5e001cb8086603d692aa95bf2ec (patch)
tree02c01b36251f7b0afb1a98093e14efb17d015910
parentf429ee3b808118591d1f3cdf3c0d0793911a5677 (diff)
parentf1be242c95257b199d8b679bc952ca33487c9af6 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: digital signature config option name change lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts lib: MPILIB Kconfig description update lib: digital signature dependency fix lib: digital signature config option name change encrypted-keys: fix rcu and sparse messages keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages KEYS: Add missing smp_rmb() primitives to the keyring search code TOMOYO: Accept \000 as a valid character. security: update MAINTAINERS file with new git repo
-rw-r--r--MAINTAINERS2
-rw-r--r--include/linux/digsig.h4
-rw-r--r--include/linux/key.h3
-rw-r--r--lib/Kconfig19
-rw-r--r--lib/Makefile2
-rw-r--r--security/integrity/Kconfig4
-rw-r--r--security/integrity/Makefile2
-rw-r--r--security/integrity/integrity.h4
-rw-r--r--security/keys/encrypted-keys/encrypted.c6
-rw-r--r--security/keys/encrypted-keys/masterkey_trusted.c4
-rw-r--r--security/keys/gc.c4
-rw-r--r--security/keys/keyring.c22
-rw-r--r--security/keys/trusted.c4
-rw-r--r--security/tomoyo/util.c6
14 files changed, 50 insertions, 36 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 2a90101309d..ece8935025e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -5846,7 +5846,7 @@ F: drivers/mmc/host/sdhci-spear.c
5846SECURITY SUBSYSTEM 5846SECURITY SUBSYSTEM
5847M: James Morris <jmorris@namei.org> 5847M: James Morris <jmorris@namei.org>
5848L: linux-security-module@vger.kernel.org (suggested Cc:) 5848L: linux-security-module@vger.kernel.org (suggested Cc:)
5849T: git git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git 5849T: git git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
5850W: http://security.wiki.kernel.org/ 5850W: http://security.wiki.kernel.org/
5851S: Supported 5851S: Supported
5852F: security/ 5852F: security/
diff --git a/include/linux/digsig.h b/include/linux/digsig.h
index efae755017d..b01558b1581 100644
--- a/include/linux/digsig.h
+++ b/include/linux/digsig.h
@@ -46,7 +46,7 @@ struct signature_hdr {
46 char mpi[0]; 46 char mpi[0];
47} __packed; 47} __packed;
48 48
49#if defined(CONFIG_DIGSIG) || defined(CONFIG_DIGSIG_MODULE) 49#if defined(CONFIG_SIGNATURE) || defined(CONFIG_SIGNATURE_MODULE)
50 50
51int digsig_verify(struct key *keyring, const char *sig, int siglen, 51int digsig_verify(struct key *keyring, const char *sig, int siglen,
52 const char *digest, int digestlen); 52 const char *digest, int digestlen);
@@ -59,6 +59,6 @@ static inline int digsig_verify(struct key *keyring, const char *sig,
59 return -EOPNOTSUPP; 59 return -EOPNOTSUPP;
60} 60}
61 61
62#endif /* CONFIG_DIGSIG */ 62#endif /* CONFIG_SIGNATURE */
63 63
64#endif /* _DIGSIG_H */ 64#endif /* _DIGSIG_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index 183a6af7715..bfc014c5735 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -293,6 +293,9 @@ static inline bool key_is_instantiated(const struct key *key)
293 (rcu_dereference_protected((KEY)->payload.rcudata, \ 293 (rcu_dereference_protected((KEY)->payload.rcudata, \
294 rwsem_is_locked(&((struct key *)(KEY))->sem))) 294 rwsem_is_locked(&((struct key *)(KEY))->sem)))
295 295
296#define rcu_assign_keypointer(KEY, PAYLOAD) \
297 (rcu_assign_pointer((KEY)->payload.rcudata, PAYLOAD))
298
296#ifdef CONFIG_SYSCTL 299#ifdef CONFIG_SYSCTL
297extern ctl_table key_sysctls[]; 300extern ctl_table key_sysctls[];
298#endif 301#endif
diff --git a/lib/Kconfig b/lib/Kconfig
index 201e1b33d72..169eb7c598e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -286,25 +286,24 @@ config CORDIC
286 calculations are in fixed point. Module will be called cordic. 286 calculations are in fixed point. Module will be called cordic.
287 287
288config MPILIB 288config MPILIB
289 tristate "Multiprecision maths library" 289 tristate
290 help 290 help
291 Multiprecision maths library from GnuPG. 291 Multiprecision maths library from GnuPG.
292 It is used to implement RSA digital signature verification, 292 It is used to implement RSA digital signature verification,
293 which is used by IMA/EVM digital signature extension. 293 which is used by IMA/EVM digital signature extension.
294 294
295config MPILIB_EXTRA 295config MPILIB_EXTRA
296 bool "Multiprecision maths library - additional sources" 296 bool
297 depends on MPILIB 297 depends on MPILIB
298 help 298 help
299 Multiprecision maths library from GnuPG. 299 Additional sources of multiprecision maths library from GnuPG.
300 It is used to implement RSA digital signature verification, 300 This code is unnecessary for RSA digital signature verification,
301 which is used by IMA/EVM digital signature extension. 301 but can be compiled if needed.
302 This code in unnecessary for RSA digital signature verification,
303 and can be compiled if needed.
304 302
305config DIGSIG 303config SIGNATURE
306 tristate "In-kernel signature checker" 304 tristate
307 depends on KEYS 305 depends on KEYS && CRYPTO
306 select CRYPTO_SHA1
308 select MPILIB 307 select MPILIB
309 help 308 help
310 Digital signature verification. Currently only RSA is supported. 309 Digital signature verification. Currently only RSA is supported.
diff --git a/lib/Makefile b/lib/Makefile
index dace162c7e1..d71aae1b01b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -119,7 +119,7 @@ obj-$(CONFIG_CORDIC) += cordic.o
119obj-$(CONFIG_DQL) += dynamic_queue_limits.o 119obj-$(CONFIG_DQL) += dynamic_queue_limits.o
120 120
121obj-$(CONFIG_MPILIB) += mpi/ 121obj-$(CONFIG_MPILIB) += mpi/
122obj-$(CONFIG_DIGSIG) += digsig.o 122obj-$(CONFIG_SIGNATURE) += digsig.o
123 123
124hostprogs-y := gen_crc32table 124hostprogs-y := gen_crc32table
125clean-files := crc32table.h 125clean-files := crc32table.h
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index d384ea92148..5bd1cc1b4a5 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,11 +3,11 @@ config INTEGRITY
3 def_bool y 3 def_bool y
4 depends on IMA || EVM 4 depends on IMA || EVM
5 5
6config INTEGRITY_DIGSIG 6config INTEGRITY_SIGNATURE
7 boolean "Digital signature verification using multiple keyrings" 7 boolean "Digital signature verification using multiple keyrings"
8 depends on INTEGRITY && KEYS 8 depends on INTEGRITY && KEYS
9 default n 9 default n
10 select DIGSIG 10 select SIGNATURE
11 help 11 help
12 This option enables digital signature verification support 12 This option enables digital signature verification support
13 using multiple keyrings. It defines separate keyrings for each 13 using multiple keyrings. It defines separate keyrings for each
diff --git a/security/integrity/Makefile b/security/integrity/Makefile
index bece0563ee5..d43799cc14f 100644
--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -3,7 +3,7 @@
3# 3#
4 4
5obj-$(CONFIG_INTEGRITY) += integrity.o 5obj-$(CONFIG_INTEGRITY) += integrity.o
6obj-$(CONFIG_INTEGRITY_DIGSIG) += digsig.o 6obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
7 7
8integrity-y := iint.o 8integrity-y := iint.o
9 9
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 4da6ba81d15..7a25ecec5aa 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -51,7 +51,7 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
51#define INTEGRITY_KEYRING_IMA 2 51#define INTEGRITY_KEYRING_IMA 2
52#define INTEGRITY_KEYRING_MAX 3 52#define INTEGRITY_KEYRING_MAX 3
53 53
54#ifdef CONFIG_INTEGRITY_DIGSIG 54#ifdef CONFIG_INTEGRITY_SIGNATURE
55 55
56int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 56int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
57 const char *digest, int digestlen); 57 const char *digest, int digestlen);
@@ -65,7 +65,7 @@ static inline int integrity_digsig_verify(const unsigned int id,
65 return -EOPNOTSUPP; 65 return -EOPNOTSUPP;
66} 66}
67 67
68#endif /* CONFIG_INTEGRITY_DIGSIG */ 68#endif /* CONFIG_INTEGRITY_SIGNATURE */
69 69
70/* set during initialization */ 70/* set during initialization */
71extern int iint_initialized; 71extern int iint_initialized;
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 41144f71d61..2d1bb8af769 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -314,7 +314,7 @@ static struct key *request_user_key(const char *master_desc, u8 **master_key,
314 goto error; 314 goto error;
315 315
316 down_read(&ukey->sem); 316 down_read(&ukey->sem);
317 upayload = rcu_dereference(ukey->payload.data); 317 upayload = ukey->payload.data;
318 *master_key = upayload->data; 318 *master_key = upayload->data;
319 *master_keylen = upayload->datalen; 319 *master_keylen = upayload->datalen;
320error: 320error:
@@ -810,7 +810,7 @@ static int encrypted_instantiate(struct key *key, const void *data,
810 goto out; 810 goto out;
811 } 811 }
812 812
813 rcu_assign_pointer(key->payload.data, epayload); 813 rcu_assign_keypointer(key, epayload);
814out: 814out:
815 kfree(datablob); 815 kfree(datablob);
816 return ret; 816 return ret;
@@ -874,7 +874,7 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
874 memcpy(new_epayload->payload_data, epayload->payload_data, 874 memcpy(new_epayload->payload_data, epayload->payload_data,
875 epayload->payload_datalen);