diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
| commit | d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch) | |
| tree | f414482d768b015a609924293b779b4ad0b8f764 /net/rxrpc | |
| parent | b6eea87fc6850d3531a64a27d2323a4498cd4e43 (diff) | |
| parent | dbadc17683e6c673a69b236c0f041b931cc55c42 (diff) | |
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module signing support from Rusty Russell:
"module signing is the highlight, but it's an all-over David Howells frenzy..."
Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.
* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
X.509: Fix indefinite length element skip error handling
X.509: Convert some printk calls to pr_devel
asymmetric keys: fix printk format warning
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
MODSIGN: Make mrproper should remove generated files.
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Sign modules during the build process
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Implement module signature checking
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide Kconfig options
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Add FIPS policy
module: signature checking hook
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MPILIB: Provide a function to read raw data into an MPI
X.509: Add an ASN.1 decoder
X.509: Add simple ASN.1 grammar compiler
...
Diffstat (limited to 'net/rxrpc')
| -rw-r--r-- | net/rxrpc/ar-key.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index 011d2384b115..7633a752c65e 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c | |||
| @@ -26,8 +26,8 @@ | |||
| 26 | #include "ar-internal.h" | 26 | #include "ar-internal.h" |
| 27 | 27 | ||
| 28 | static int rxrpc_vet_description_s(const char *); | 28 | static int rxrpc_vet_description_s(const char *); |
| 29 | static int rxrpc_instantiate(struct key *, const void *, size_t); | 29 | static int rxrpc_instantiate(struct key *, struct key_preparsed_payload *); |
| 30 | static int rxrpc_instantiate_s(struct key *, const void *, size_t); | 30 | static int rxrpc_instantiate_s(struct key *, struct key_preparsed_payload *); |
| 31 | static void rxrpc_destroy(struct key *); | 31 | static void rxrpc_destroy(struct key *); |
| 32 | static void rxrpc_destroy_s(struct key *); | 32 | static void rxrpc_destroy_s(struct key *); |
| 33 | static void rxrpc_describe(const struct key *, struct seq_file *); | 33 | static void rxrpc_describe(const struct key *, struct seq_file *); |
| @@ -678,7 +678,7 @@ error: | |||
| 678 | * | 678 | * |
| 679 | * if no data is provided, then a no-security key is made | 679 | * if no data is provided, then a no-security key is made |
| 680 | */ | 680 | */ |
| 681 | static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | 681 | static int rxrpc_instantiate(struct key *key, struct key_preparsed_payload *prep) |
| 682 | { | 682 | { |
| 683 | const struct rxrpc_key_data_v1 *v1; | 683 | const struct rxrpc_key_data_v1 *v1; |
| 684 | struct rxrpc_key_token *token, **pp; | 684 | struct rxrpc_key_token *token, **pp; |
| @@ -686,26 +686,26 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | |||
| 686 | u32 kver; | 686 | u32 kver; |
| 687 | int ret; | 687 | int ret; |
| 688 | 688 | ||
| 689 | _enter("{%x},,%zu", key_serial(key), datalen); | 689 | _enter("{%x},,%zu", key_serial(key), prep->datalen); |
| 690 | 690 | ||
| 691 | /* handle a no-security key */ | 691 | /* handle a no-security key */ |
| 692 | if (!data && datalen == 0) | 692 | if (!prep->data && prep->datalen == 0) |
| 693 | return 0; | 693 | return 0; |
| 694 | 694 | ||
| 695 | /* determine if the XDR payload format is being used */ | 695 | /* determine if the XDR payload format is being used */ |
| 696 | if (datalen > 7 * 4) { | 696 | if (prep->datalen > 7 * 4) { |
| 697 | ret = rxrpc_instantiate_xdr(key, data, datalen); | 697 | ret = rxrpc_instantiate_xdr(key, prep->data, prep->datalen); |
| 698 | if (ret != -EPROTO) | 698 | if (ret != -EPROTO) |
| 699 | return ret; | 699 | return ret; |
| 700 | } | 700 | } |
| 701 | 701 | ||
| 702 | /* get the key interface version number */ | 702 | /* get the key interface version number */ |
| 703 | ret = -EINVAL; | 703 | ret = -EINVAL; |
| 704 | if (datalen <= 4 || !data) | 704 | if (prep->datalen <= 4 || !prep->data) |
| 705 | goto error; | 705 | goto error; |
| 706 | memcpy(&kver, data, sizeof(kver)); | 706 | memcpy(&kver, prep->data, sizeof(kver)); |
| 707 | data += sizeof(kver); | 707 | prep->data += sizeof(kver); |
| 708 | datalen -= sizeof(kver); | 708 | prep->datalen -= sizeof(kver); |
| 709 | 709 | ||
| 710 | _debug("KEY I/F VERSION: %u", kver); | 710 | _debug("KEY I/F VERSION: %u", kver); |
| 711 | 711 | ||
| @@ -715,11 +715,11 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | |||
| 715 | 715 | ||
| 716 | /* deal with a version 1 key */ | 716 | /* deal with a version 1 key */ |
| 717 | ret = -EINVAL; | 717 | ret = -EINVAL; |
| 718 | if (datalen < sizeof(*v1)) | 718 | if (prep->datalen < sizeof(*v1)) |
| 719 | goto error; | 719 | goto error; |
| 720 | 720 | ||
| 721 | v1 = data; | 721 | v1 = prep->data; |
| 722 | if (datalen != sizeof(*v1) + v1->ticket_length) | 722 | if (prep->datalen != sizeof(*v1) + v1->ticket_length) |
| 723 | goto error; | 723 | goto error; |
| 724 | 724 | ||
| 725 | _debug("SCIX: %u", v1->security_index); | 725 | _debug("SCIX: %u", v1->security_index); |
| @@ -784,17 +784,17 @@ error: | |||
| 784 | * instantiate a server secret key | 784 | * instantiate a server secret key |
| 785 | * data should be a pointer to the 8-byte secret key | 785 | * data should be a pointer to the 8-byte secret key |
| 786 | */ | 786 | */ |
| 787 | static int rxrpc_instantiate_s(struct key *key, const void *data, | 787 | static int rxrpc_instantiate_s(struct key *key, |
| 788 | size_t datalen) | 788 | struct key_preparsed_payload *prep) |
| 789 | { | 789 | { |
| 790 | struct crypto_blkcipher *ci; | 790 | struct crypto_blkcipher *ci; |
| 791 | 791 | ||
| 792 | _enter("{%x},,%zu", key_serial(key), datalen); | 792 | _enter("{%x},,%zu", key_serial(key), prep->datalen); |
| 793 | 793 | ||
| 794 | if (datalen != 8) | 794 | if (prep->datalen != 8) |
| 795 | return -EINVAL; | 795 | return -EINVAL; |
| 796 | 796 | ||
| 797 | memcpy(&key->type_data, data, 8); | 797 | memcpy(&key->type_data, prep->data, 8); |
| 798 | 798 | ||
| 799 | ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); | 799 | ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); |
| 800 | if (IS_ERR(ci)) { | 800 | if (IS_ERR(ci)) { |
| @@ -802,7 +802,7 @@ static int rxrpc_instantiate_s(struct key *key, const void *data, | |||
| 802 | return PTR_ERR(ci); | 802 | return PTR_ERR(ci); |
| 803 | } | 803 | } |
| 804 | 804 | ||
| 805 | if (crypto_blkcipher_setkey(ci, data, 8) < 0) | 805 | if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0) |
| 806 | BUG(); | 806 | BUG(); |
| 807 | 807 | ||
| 808 | key->payload.data = ci; | 808 | key->payload.data = ci; |