Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: "In this release: - PKCS#7 parser for the key management subsystem from David Howells - appoint Kees Cook as seccomp maintainer - bugfixes and general maintenance across the subsystem" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (94 commits) X.509: Need to export x509_request_asymmetric_key() netlabel: shorter names for the NetLabel catmap funcs/structs netlabel: fix the catmap walking functions netlabel: fix the horribly broken catmap functions netlabel: fix a problem when setting bits below the previously lowest bit PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 tpm: simplify code by using %*phN specifier tpm: Provide a generic means to override the chip returned timeouts tpm: missing tpm_chip_put in tpm_get_random() tpm: Properly clean sysfs entries in error path tpm: Add missing tpm_do_selftest to ST33 I2C driver PKCS#7: Use x509_request_asymmetric_key() Revert "selinux: fix the default socket labeling in sock_graft()" X.509: x509_request_asymmetric_keys() doesn't need string length arguments PKCS#7: fix sparse non static symbol warning KEYS: revert encrypted key change ima: add support for measuring and appraising firmware firmware_class: perform new LSM checks security: introduce kernel_fw_from_file hook PKCS#7: Missing inclusion of linux/err.h ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-06 11:06:39 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-06 11:06:39 -0400
commit: bb2cbf5e9367d8598fecd0c48dead69560750223 (patch)
tree: fb2c620451b90f41a31726bdd82077813f941e39 /include/crypto
parent: e7fda6c4c3c1a7d6996dd75fd84670fa0b5d448f (diff)
parent: 478d085524c57cf4283699f529d5a4c22188ea69 (diff)
2 files changed, 40 insertions, 0 deletions
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
new file mode 100644
index 000000000000..691c79172a26
--- /dev/null
+++ b/include/crypto/pkcs7.h
@@ -0,0 +1,36 @@
+/* PKCS#7 crypto data parser
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+struct key;
+struct pkcs7_message;
+/*
+ * pkcs7_parser.c
+ */
+extern struct pkcs7_message *pkcs7_parse_message(const void *data,
+                                                 size_t datalen);
+extern void pkcs7_free_message(struct pkcs7_message *pkcs7);
+extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
+                                  const void **_data, size_t *_datalen,
+                                  bool want_wrapper);
+/*
+ * pkcs7_trust.c
+ */
+extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                                struct key *trust_keyring,
+                                bool *_trusted);
+/*
+ * pkcs7_verify.c
+ */
+extern int pkcs7_verify(struct pkcs7_message *pkcs7);
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index fc09732613ad..0d164c6af539 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -98,4 +98,8 @@ struct key;
 extern int verify_signature(const struct key *key,
                            const struct public_key_signature *sig);
+extern struct key *x509_request_asymmetric_key(struct key *keyring,
+                                               const char *issuer,
+                                               const char *key_id);
 #endif /* _LINUX_PUBLIC_KEY_H */
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-06 11:06:39 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-06 11:06:39 -0400
commit	bb2cbf5e9367d8598fecd0c48dead69560750223 (patch)
tree	fb2c620451b90f41a31726bdd82077813f941e39 /include/crypto
parent	e7fda6c4c3c1a7d6996dd75fd84670fa0b5d448f (diff)
parent	478d085524c57cf4283699f529d5a4c22188ea69 (diff)

diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h new file mode 100644 index 000000000000..691c79172a26 --- /dev/null +++ b/include/crypto/pkcs7.h
@@ -0,0 +1,36 @@
		1	/* PKCS#7 crypto data parser
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	struct key;
		13	struct pkcs7_message;
		14
		15	/*
		16	* pkcs7_parser.c
		17	*/
		18	extern struct pkcs7_message pkcs7_parse_message(const void data,
		19	size_t datalen);
		20	extern void pkcs7_free_message(struct pkcs7_message *pkcs7);
		21
		22	extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
		23	const void *_data, size_t _datalen,
		24	bool want_wrapper);
		25
		26	/*
		27	* pkcs7_trust.c
		28	*/
		29	extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
		30	struct key *trust_keyring,
		31	bool *_trusted);
		32
		33	/*
		34	* pkcs7_verify.c
		35	*/
		36	extern int pkcs7_verify(struct pkcs7_message *pkcs7);


diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index fc09732613ad..0d164c6af539 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h
@@ -98,4 +98,8 @@ struct key;
98	extern int verify_signature(const struct key *key,	98	extern int verify_signature(const struct key *key,
99	const struct public_key_signature *sig);	99	const struct public_key_signature *sig);
100		100
		101	extern struct key x509_request_asymmetric_key(struct key keyring,
		102	const char *issuer,
		103	const char *key_id);
		104
101	#endif /* _LINUX_PUBLIC_KEY_H */	105	#endif /* _LINUX_PUBLIC_KEY_H */