* [PULL] modules
@ 2012-10-10 9:57 ` Rusty Russell
0 siblings, 0 replies; 11+ messages in thread
From: Rusty Russell @ 2012-10-10 9:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells,
David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer,
linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz,
Ralf Baechle, Randy Dunlap, Sam Ravnborg
The following changes since commit 925a6f0bf8bd122d5d2429af7f0ca0fecf4ae71f:
Merge tag 'hwspinlock-3.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/hwspinlock (2012-09-18 11:58:54 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next
for you to fetch changes up to dbadc17683e6c673a69b236c0f041b931cc55c42:
X.509: Fix indefinite length element skip error handling (2012-10-10 20:06:39 +1030)
----------------------------------------------------------------
module signing is the highlight, but it's an all-over David Howells frenzy...
----------------------------------------------------------------
David Howells (30):
Make most arch asm/module.h files use asm-generic/module.h
KEYS: Add payload preparsing opportunity prior to key instantiate or update
MPILIB: Provide count_leading/trailing_zeros() based on arch functions
KEYS: Document asymmetric key type
KEYS: Implement asymmetric key type
KEYS: Asymmetric key pluggable data parsers
KEYS: Asymmetric public-key algorithm crypto key subtype
KEYS: Provide signature verification with an asymmetric key
MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification
RSA: Implement signature verification algorithm [PKCS#1 / RFC3447]
RSA: Fix signature verification for shorter signatures
X.509: Implement simple static OID registry
X.509: Add utility functions to render OIDs as strings
X.509: Add simple ASN.1 grammar compiler
X.509: Add an ASN.1 decoder
MPILIB: Provide a function to read raw data into an MPI
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MODSIGN: Add FIPS policy
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Provide Kconfig options
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Implement module signature checking
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Sign modules during the build process
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
X.509: Convert some printk calls to pr_devel
X.509: Fix indefinite length element skip error handling
Matthew Garrett (1):
module: taint kernel when lve module is loaded
Ralf Baechle (1):
MIPS: Fix module.c build for 32 bit
Randy Dunlap (1):
asymmetric keys: fix printk format warning
Rusty Russell (4):
module: fix symbol waiting when module fails before init
module: wait when loading a module which is currently initializing.
module: signature checking hook
MODSIGN: Make mrproper should remove generated files.
.gitignore | 14 +
Documentation/crypto/asymmetric-keys.txt | 312 ++++++
Documentation/kernel-parameters.txt | 6 +
Documentation/security/keys.txt | 50 +-
Makefile | 6 +-
arch/Kconfig | 19 +
arch/alpha/Kconfig | 2 +
arch/alpha/include/asm/module.h | 10 +-
arch/arm/Kconfig | 2 +
arch/arm/include/asm/module.h | 8 +-
arch/avr32/Kconfig | 2 +
arch/avr32/include/asm/module.h | 6 +-
arch/blackfin/Kconfig | 2 +
arch/blackfin/include/asm/module.h | 4 +-
arch/c6x/Kconfig | 1 +
arch/c6x/include/asm/module.h | 12 +-
arch/cris/Kconfig | 1 +
arch/cris/include/asm/Kbuild | 2 +
arch/cris/include/asm/module.h | 9 -
arch/frv/include/asm/module.h | 8 +-
arch/h8300/Kconfig | 1 +
arch/h8300/include/asm/Kbuild | 2 +
arch/h8300/include/asm/module.h | 11 -
arch/hexagon/Kconfig | 1 +
arch/ia64/Kconfig | 2 +
arch/ia64/include/asm/module.h | 6 +-
arch/m32r/Kconfig | 1 +
arch/m32r/include/asm/Kbuild | 2 +
arch/m32r/include/asm/module.h | 10 -
arch/m32r/kernel/module.c | 15 -
arch/m68k/Kconfig | 3 +
arch/m68k/include/asm/module.h | 6 +-
arch/microblaze/Kconfig | 1 +
arch/mips/Kconfig | 3 +
arch/mips/include/asm/module.h | 10 +-
arch/mips/kernel/Makefile | 1 +
arch/mips/kernel/module-rela.c | 145 +++
arch/mips/kernel/module.c | 121 +--
arch/mn10300/Kconfig | 1 +
arch/mn10300/include/asm/module.h | 7 +-
arch/openrisc/Kconfig | 1 +
arch/parisc/Kconfig | 2 +
arch/parisc/include/asm/module.h | 16 +-
arch/powerpc/Kconfig | 2 +
arch/powerpc/include/asm/module.h | 7 +-
arch/s390/Kconfig | 2 +
arch/s390/include/asm/module.h | 18 +-
arch/score/Kconfig | 2 +
arch/score/include/asm/module.h | 6 +-
arch/score/kernel/module.c | 10 -
arch/sh/Kconfig | 2 +
arch/sh/include/asm/module.h | 14 +-
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/Kbuild | 1 +
arch/sparc/include/asm/module.h | 24 -
arch/tile/Kconfig | 1 +
arch/unicore32/Kconfig | 1 +
arch/x86/Kconfig | 2 +
arch/x86/um/Kconfig | 2 +
arch/xtensa/Kconfig | 1 +
arch/xtensa/include/asm/module.h | 9 +-
crypto/Kconfig | 1 +
crypto/Makefile | 1 +
crypto/asymmetric_keys/.gitignore | 1 +
crypto/asymmetric_keys/Kconfig | 38 +
crypto/asymmetric_keys/Makefile | 27 +
crypto/asymmetric_keys/asymmetric_keys.h | 15 +
crypto/asymmetric_keys/asymmetric_type.c | 274 +++++
crypto/asymmetric_keys/public_key.c | 108 ++
crypto/asymmetric_keys/public_key.h | 30 +
crypto/asymmetric_keys/rsa.c | 277 ++++++
crypto/asymmetric_keys/signature.c | 49 +
crypto/asymmetric_keys/x509.asn1 | 60 ++
crypto/asymmetric_keys/x509_cert_parser.c | 496 +++++++++
crypto/asymmetric_keys/x509_parser.h | 36 +
crypto/asymmetric_keys/x509_public_key.c | 239 +++++
crypto/asymmetric_keys/x509_rsakey.asn1 | 4 +
fs/cifs/cifs_spnego.c | 6 +-
fs/cifs/cifsacl.c | 8 +-
include/asm-generic/bitops/count_zeros.h | 57 ++
include/asm-generic/module.h | 40 +-
include/crypto/public_key.h | 108 ++
include/keys/asymmetric-parser.h | 37 +
include/keys/asymmetric-subtype.h | 55 +
include/keys/asymmetric-type.h | 25 +
include/keys/user-type.h | 6 +-
include/linux/asn1.h | 67 ++
include/linux/asn1_ber_bytecode.h | 87 ++
include/linux/asn1_decoder.h | 24 +
include/linux/key-type.h | 35 +-
include/linux/module.h | 8 +
include/linux/moduleloader.h | 36 +-
include/linux/mpi.h | 1 +
include/linux/oid_registry.h | 92 ++
init/Kconfig | 68 ++
kernel/Makefile | 77 ++
kernel/modsign_pubkey.c | 113 +++
kernel/module-internal.h | 15 +
kernel/module.c | 157 ++-
kernel/module_signing.c | 243 +++++
lib/.gitignore | 2 +-
lib/Kconfig | 5 +
lib/Makefile | 18 +
lib/asn1_decoder.c | 487 +++++++++
lib/build_OID_registry | 209 ++++
lib/mpi/Makefile | 1 +
lib/mpi/longlong.h | 138 +--
lib/mpi/mpi-bit.c | 2 +-
lib/mpi/mpi-cmp.c | 70 ++
lib/mpi/mpi-pow.c | 4 +-
lib/mpi/mpicoder.c | 55 +
lib/oid_registry.c | 170 ++++
net/ceph/crypto.c | 9 +-
net/dns_resolver/dns_key.c | 6 +-
net/rxrpc/ar-key.c | 40 +-
scripts/.gitignore | 1 +
scripts/Makefile | 2 +
scripts/Makefile.build | 11 +
scripts/Makefile.modpost | 77 +-
scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++
scripts/sign-file | 115 +++
scripts/x509keyid | 268 +++++
security/keys/encrypted-keys/encrypted.c | 16 +-
security/keys/key.c | 114 ++-
security/keys/keyctl.c | 18 +-
security/keys/keyring.c | 6 +-
security/keys/request_key_auth.c | 8 +-
security/keys/trusted.c | 16 +-
security/keys/user_defined.c | 14 +-
129 files changed, 6803 insertions(+), 594 deletions(-)
create mode 100644 Documentation/crypto/asymmetric-keys.txt
delete mode 100644 arch/cris/include/asm/module.h
delete mode 100644 arch/h8300/include/asm/module.h
delete mode 100644 arch/m32r/include/asm/module.h
create mode 100644 arch/mips/kernel/module-rela.c
delete mode 100644 arch/sparc/include/asm/module.h
create mode 100644 crypto/asymmetric_keys/.gitignore
create mode 100644 crypto/asymmetric_keys/Kconfig
create mode 100644 crypto/asymmetric_keys/Makefile
create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h
create mode 100644 crypto/asymmetric_keys/asymmetric_type.c
create mode 100644 crypto/asymmetric_keys/public_key.c
create mode 100644 crypto/asymmetric_keys/public_key.h
create mode 100644 crypto/asymmetric_keys/rsa.c
create mode 100644 crypto/asymmetric_keys/signature.c
create mode 100644 crypto/asymmetric_keys/x509.asn1
create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c
create mode 100644 crypto/asymmetric_keys/x509_parser.h
create mode 100644 crypto/asymmetric_keys/x509_public_key.c
create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1
create mode 100644 include/asm-generic/bitops/count_zeros.h
create mode 100644 include/crypto/public_key.h
create mode 100644 include/keys/asymmetric-parser.h
create mode 100644 include/keys/asymmetric-subtype.h
create mode 100644 include/keys/asymmetric-type.h
create mode 100644 include/linux/asn1.h
create mode 100644 include/linux/asn1_ber_bytecode.h
create mode 100644 include/linux/asn1_decoder.h
create mode 100644 include/linux/oid_registry.h
create mode 100644 kernel/modsign_pubkey.c
create mode 100644 kernel/module-internal.h
create mode 100644 kernel/module_signing.c
create mode 100644 lib/asn1_decoder.c
create mode 100755 lib/build_OID_registry
create mode 100644 lib/mpi/mpi-cmp.c
create mode 100644 lib/oid_registry.c
create mode 100644 scripts/asn1_compiler.c
create mode 100644 scripts/sign-file
create mode 100755 scripts/x509keyid
^ permalink raw reply [flat|nested] 11+ messages in thread* [PULL] modules @ 2012-10-10 9:57 ` Rusty Russell 0 siblings, 0 replies; 11+ messages in thread From: Rusty Russell @ 2012-10-10 9:57 UTC (permalink / raw) To: Linus Torvalds Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg The following changes since commit 925a6f0bf8bd122d5d2429af7f0ca0fecf4ae71f: Merge tag 'hwspinlock-3.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/hwspinlock (2012-09-18 11:58:54 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next for you to fetch changes up to dbadc17683e6c673a69b236c0f041b931cc55c42: X.509: Fix indefinite length element skip error handling (2012-10-10 20:06:39 +1030) ---------------------------------------------------------------- module signing is the highlight, but it's an all-over David Howells frenzy... ---------------------------------------------------------------- David Howells (30): Make most arch asm/module.h files use asm-generic/module.h KEYS: Add payload preparsing opportunity prior to key instantiate or update MPILIB: Provide count_leading/trailing_zeros() based on arch functions KEYS: Document asymmetric key type KEYS: Implement asymmetric key type KEYS: Asymmetric key pluggable data parsers KEYS: Asymmetric public-key algorithm crypto key subtype KEYS: Provide signature verification with an asymmetric key MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification RSA: Implement signature verification algorithm [PKCS#1 / RFC3447] RSA: Fix signature verification for shorter signatures X.509: Implement simple static OID registry X.509: Add utility functions to render OIDs as strings X.509: Add simple ASN.1 grammar compiler X.509: Add an ASN.1 decoder MPILIB: Provide a function to read raw data into an MPI X.509: Add a crypto key parser for binary (DER) X.509 certificates MODSIGN: Add FIPS policy MODSIGN: Provide gitignore and make clean rules for extra files MODSIGN: Provide Kconfig options MODSIGN: Automatically generate module signing keys if missing MODSIGN: Provide module signing public keys to the kernel MODSIGN: Implement module signature checking MODSIGN: Provide a script for generating a key ID from an X.509 cert MODSIGN: Sign modules during the build process MODSIGN: Use the same digest for the autogen key sig as for the module sig MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking X.509: Convert some printk calls to pr_devel X.509: Fix indefinite length element skip error handling Matthew Garrett (1): module: taint kernel when lve module is loaded Ralf Baechle (1): MIPS: Fix module.c build for 32 bit Randy Dunlap (1): asymmetric keys: fix printk format warning Rusty Russell (4): module: fix symbol waiting when module fails before init module: wait when loading a module which is currently initializing. module: signature checking hook MODSIGN: Make mrproper should remove generated files. .gitignore | 14 + Documentation/crypto/asymmetric-keys.txt | 312 ++++++ Documentation/kernel-parameters.txt | 6 + Documentation/security/keys.txt | 50 +- Makefile | 6 +- arch/Kconfig | 19 + arch/alpha/Kconfig | 2 + arch/alpha/include/asm/module.h | 10 +- arch/arm/Kconfig | 2 + arch/arm/include/asm/module.h | 8 +- arch/avr32/Kconfig | 2 + arch/avr32/include/asm/module.h | 6 +- arch/blackfin/Kconfig | 2 + arch/blackfin/include/asm/module.h | 4 +- arch/c6x/Kconfig | 1 + arch/c6x/include/asm/module.h | 12 +- arch/cris/Kconfig | 1 + arch/cris/include/asm/Kbuild | 2 + arch/cris/include/asm/module.h | 9 - arch/frv/include/asm/module.h | 8 +- arch/h8300/Kconfig | 1 + arch/h8300/include/asm/Kbuild | 2 + arch/h8300/include/asm/module.h | 11 - arch/hexagon/Kconfig | 1 + arch/ia64/Kconfig | 2 + arch/ia64/include/asm/module.h | 6 +- arch/m32r/Kconfig | 1 + arch/m32r/include/asm/Kbuild | 2 + arch/m32r/include/asm/module.h | 10 - arch/m32r/kernel/module.c | 15 - arch/m68k/Kconfig | 3 + arch/m68k/include/asm/module.h | 6 +- arch/microblaze/Kconfig | 1 + arch/mips/Kconfig | 3 + arch/mips/include/asm/module.h | 10 +- arch/mips/kernel/Makefile | 1 + arch/mips/kernel/module-rela.c | 145 +++ arch/mips/kernel/module.c | 121 +-- arch/mn10300/Kconfig | 1 + arch/mn10300/include/asm/module.h | 7 +- arch/openrisc/Kconfig | 1 + arch/parisc/Kconfig | 2 + arch/parisc/include/asm/module.h | 16 +- arch/powerpc/Kconfig | 2 + arch/powerpc/include/asm/module.h | 7 +- arch/s390/Kconfig | 2 + arch/s390/include/asm/module.h | 18 +- arch/score/Kconfig | 2 + arch/score/include/asm/module.h | 6 +- arch/score/kernel/module.c | 10 - arch/sh/Kconfig | 2 + arch/sh/include/asm/module.h | 14 +- arch/sparc/Kconfig | 1 + arch/sparc/include/asm/Kbuild | 1 + arch/sparc/include/asm/module.h | 24 - arch/tile/Kconfig | 1 + arch/unicore32/Kconfig | 1 + arch/x86/Kconfig | 2 + arch/x86/um/Kconfig | 2 + arch/xtensa/Kconfig | 1 + arch/xtensa/include/asm/module.h | 9 +- crypto/Kconfig | 1 + crypto/Makefile | 1 + crypto/asymmetric_keys/.gitignore | 1 + crypto/asymmetric_keys/Kconfig | 38 + crypto/asymmetric_keys/Makefile | 27 + crypto/asymmetric_keys/asymmetric_keys.h | 15 + crypto/asymmetric_keys/asymmetric_type.c | 274 +++++ crypto/asymmetric_keys/public_key.c | 108 ++ crypto/asymmetric_keys/public_key.h | 30 + crypto/asymmetric_keys/rsa.c | 277 ++++++ crypto/asymmetric_keys/signature.c | 49 + crypto/asymmetric_keys/x509.asn1 | 60 ++ crypto/asymmetric_keys/x509_cert_parser.c | 496 +++++++++ crypto/asymmetric_keys/x509_parser.h | 36 + crypto/asymmetric_keys/x509_public_key.c | 239 +++++ crypto/asymmetric_keys/x509_rsakey.asn1 | 4 + fs/cifs/cifs_spnego.c | 6 +- fs/cifs/cifsacl.c | 8 +- include/asm-generic/bitops/count_zeros.h | 57 ++ include/asm-generic/module.h | 40 +- include/crypto/public_key.h | 108 ++ include/keys/asymmetric-parser.h | 37 + include/keys/asymmetric-subtype.h | 55 + include/keys/asymmetric-type.h | 25 + include/keys/user-type.h | 6 +- include/linux/asn1.h | 67 ++ include/linux/asn1_ber_bytecode.h | 87 ++ include/linux/asn1_decoder.h | 24 + include/linux/key-type.h | 35 +- include/linux/module.h | 8 + include/linux/moduleloader.h | 36 +- include/linux/mpi.h | 1 + include/linux/oid_registry.h | 92 ++ init/Kconfig | 68 ++ kernel/Makefile | 77 ++ kernel/modsign_pubkey.c | 113 +++ kernel/module-internal.h | 15 + kernel/module.c | 157 ++- kernel/module_signing.c | 243 +++++ lib/.gitignore | 2 +- lib/Kconfig | 5 + lib/Makefile | 18 + lib/asn1_decoder.c | 487 +++++++++ lib/build_OID_registry | 209 ++++ lib/mpi/Makefile | 1 + lib/mpi/longlong.h | 138 +-- lib/mpi/mpi-bit.c | 2 +- lib/mpi/mpi-cmp.c | 70 ++ lib/mpi/mpi-pow.c | 4 +- lib/mpi/mpicoder.c | 55 + lib/oid_registry.c | 170 ++++ net/ceph/crypto.c | 9 +- net/dns_resolver/dns_key.c | 6 +- net/rxrpc/ar-key.c | 40 +- scripts/.gitignore | 1 + scripts/Makefile | 2 + scripts/Makefile.build | 11 + scripts/Makefile.modpost | 77 +- scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++ scripts/sign-file | 115 +++ scripts/x509keyid | 268 +++++ security/keys/encrypted-keys/encrypted.c | 16 +- security/keys/key.c | 114 ++- security/keys/keyctl.c | 18 +- security/keys/keyring.c | 6 +- security/keys/request_key_auth.c | 8 +- security/keys/trusted.c | 16 +- security/keys/user_defined.c | 14 +- 129 files changed, 6803 insertions(+), 594 deletions(-) create mode 100644 Documentation/crypto/asymmetric-keys.txt delete mode 100644 arch/cris/include/asm/module.h delete mode 100644 arch/h8300/include/asm/module.h delete mode 100644 arch/m32r/include/asm/module.h create mode 100644 arch/mips/kernel/module-rela.c delete mode 100644 arch/sparc/include/asm/module.h create mode 100644 crypto/asymmetric_keys/.gitignore create mode 100644 crypto/asymmetric_keys/Kconfig create mode 100644 crypto/asymmetric_keys/Makefile create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h create mode 100644 crypto/asymmetric_keys/asymmetric_type.c create mode 100644 crypto/asymmetric_keys/public_key.c create mode 100644 crypto/asymmetric_keys/public_key.h create mode 100644 crypto/asymmetric_keys/rsa.c create mode 100644 crypto/asymmetric_keys/signature.c create mode 100644 crypto/asymmetric_keys/x509.asn1 create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c create mode 100644 crypto/asymmetric_keys/x509_parser.h create mode 100644 crypto/asymmetric_keys/x509_public_key.c create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1 create mode 100644 include/asm-generic/bitops/count_zeros.h create mode 100644 include/crypto/public_key.h create mode 100644 include/keys/asymmetric-parser.h create mode 100644 include/keys/asymmetric-subtype.h create mode 100644 include/keys/asymmetric-type.h create mode 100644 include/linux/asn1.h create mode 100644 include/linux/asn1_ber_bytecode.h create mode 100644 include/linux/asn1_decoder.h create mode 100644 include/linux/oid_registry.h create mode 100644 kernel/modsign_pubkey.c create mode 100644 kernel/module-internal.h create mode 100644 kernel/module_signing.c create mode 100644 lib/asn1_decoder.c create mode 100755 lib/build_OID_registry create mode 100644 lib/mpi/mpi-cmp.c create mode 100644 lib/oid_registry.c create mode 100644 scripts/asn1_compiler.c create mode 100644 scripts/sign-file create mode 100755 scripts/x509keyid ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules 2012-10-10 9:57 ` Rusty Russell @ 2012-10-14 20:11 ` Linus Torvalds -1 siblings, 0 replies; 11+ messages in thread From: Linus Torvalds @ 2012-10-14 20:11 UTC (permalink / raw) To: Rusty Russell Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote: > > ---------------------------------------------------------------- > module signing is the highlight, but it's an all-over David Howells frenzy... > > ---------------------------------------------------------------- Hmm. What happened here? It *looks* from your pull request like you had a tag, and you usually do, but there's no tag anywhere.. I've pulled and resolved the branch, and I'm going through it now, but I'd like this verified before I push out if it all looks fine.. Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules @ 2012-10-14 20:11 ` Linus Torvalds 0 siblings, 0 replies; 11+ messages in thread From: Linus Torvalds @ 2012-10-14 20:11 UTC (permalink / raw) To: Rusty Russell Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote: > > ---------------------------------------------------------------- > module signing is the highlight, but it's an all-over David Howells frenzy... > > ---------------------------------------------------------------- Hmm. What happened here? It *looks* from your pull request like you had a tag, and you usually do, but there's no tag anywhere.. I've pulled and resolved the branch, and I'm going through it now, but I'd like this verified before I push out if it all looks fine.. Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules 2012-10-14 20:11 ` Linus Torvalds @ 2012-10-14 20:53 ` Linus Torvalds -1 siblings, 0 replies; 11+ messages in thread From: Linus Torvalds @ 2012-10-14 20:53 UTC (permalink / raw) To: Rusty Russell Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg On Sun, Oct 14, 2012 at 1:11 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote: > > I've pulled and resolved the branch, and I'm going through it now, but > I'd like this verified before I push out if it all looks fine.. Hmm. So this thing makes me wonder: /* Not having a signature is only an error if we're strict. */ if (err < 0 && fips_enabled) panic("Module verification failed with error %d in FIPS mode\n", err); do we really want to panic (even in fips_enabled mode)? Sounds like it will just kill the machine if we ever end up having an unsigned module by mistake anywhere. I realize that fips_enabled is only for crazy people, but it's exactly code like this that limits it to only crazy people. Is there some *reason* for this? Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules @ 2012-10-14 20:53 ` Linus Torvalds 0 siblings, 0 replies; 11+ messages in thread From: Linus Torvalds @ 2012-10-14 20:53 UTC (permalink / raw) To: Rusty Russell Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg On Sun, Oct 14, 2012 at 1:11 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote: > > I've pulled and resolved the branch, and I'm going through it now, but > I'd like this verified before I push out if it all looks fine.. Hmm. So this thing makes me wonder: /* Not having a signature is only an error if we're strict. */ if (err < 0 && fips_enabled) panic("Module verification failed with error %d in FIPS mode\n", err); do we really want to panic (even in fips_enabled mode)? Sounds like it will just kill the machine if we ever end up having an unsigned module by mistake anywhere. I realize that fips_enabled is only for crazy people, but it's exactly code like this that limits it to only crazy people. Is there some *reason* for this? Linus ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules 2012-10-14 20:53 ` Linus Torvalds (?) @ 2012-10-14 21:27 ` Alan Cox -1 siblings, 0 replies; 11+ messages in thread From: Alan Cox @ 2012-10-14 21:27 UTC (permalink / raw) To: Linus Torvalds Cc: Rusty Russell, LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg > I realize that fips_enabled is only for crazy people, but it's exactly > code like this that limits it to only crazy people. Is there some > *reason* for this? Presumably its so a typical server with reboot on panic will reboot so the attacker can hide the attempt better ;-) Alan ^ permalink raw reply [flat|nested] 11+ messages in thread
* FIPS-mode panic? (was Re: [PULL] modules) 2012-10-14 20:53 ` Linus Torvalds (?) (?) @ 2012-10-15 7:50 ` David Howells 2012-10-15 11:28 ` Stephan Mueller -1 siblings, 1 reply; 11+ messages in thread From: David Howells @ 2012-10-15 7:50 UTC (permalink / raw) To: Linus Torvalds, Stephan Mueller Cc: dhowells, Rusty Russell, LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg Linus Torvalds <torvalds@linux-foundation.org> wrote: > Hmm. So this thing makes me wonder: > > /* Not having a signature is only an error if we're strict. */ > if (err < 0 && fips_enabled) > panic("Module verification failed with error %d in FIPS mode\n", > err); > > do we really want to panic (even in fips_enabled mode)? That's what the FIPS people want. As I understand it, if there's some indication that the crypto stuff is compromised, the box should be shut down immediately. I've added Stephan Mueller to see if he can illuminate further. David ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: FIPS-mode panic? (was Re: [PULL] modules) 2012-10-15 7:50 ` FIPS-mode panic? (was Re: [PULL] modules) David Howells @ 2012-10-15 11:28 ` Stephan Mueller 0 siblings, 0 replies; 11+ messages in thread From: Stephan Mueller @ 2012-10-15 11:28 UTC (permalink / raw) To: David Howells Cc: Linus Torvalds, Rusty Russell, LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg On 15.10.2012 09:50:54, +0200, David Howells <dhowells@redhat.com> wrote: Hi David, > Linus Torvalds <torvalds@linux-foundation.org> wrote: > >> Hmm. So this thing makes me wonder: >> >> /* Not having a signature is only an error if we're strict. */ >> if (err < 0 && fips_enabled) >> panic("Module verification failed with error %d in FIPS mode\n", >> err); >> >> do we really want to panic (even in fips_enabled mode)? > > That's what the FIPS people want. As I understand it, if there's some > indication that the crypto stuff is compromised, the box should be shut down > immediately. > > I've added Stephan Mueller to see if he can illuminate further. > > David > The requirement for a FIPS 140-2 module is to disable the entire module if any component of its self test or integrity test failed. In the kernel, we have the FIPS 140-2 module of the kernel crypto API (the API itself plus the relevant kernel modules implementing the ciphers, block chaining modes, etc). Therefore, the requirement would be translated into the following: the kernel crypto API must be disabled if any of the self test or integrity tests failed. The self tests are the known answer tests in the kernel crypto API test manager. The integrity tests are the DSA signature checks of the kernel modules (at least the kernel crypto API ones) plus the static kernel binary itself (for the static kernel crypto API part -- this is done outside the kernel). The requirement to disable the module implies that the module is technically unavailable. There are two solutions that were contemplated for disabling the module: having a kind of global status of the crypto API that makes it non-responsive in case of an integrity/self-test error. The other solution is to simply terminate the entire kernel. As the former one also will lead to a kernel failure eventually as many parts of the kernel depend on the crypto API, the implementation of the latter option was chosen. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules 2012-10-14 20:11 ` Linus Torvalds @ 2012-10-15 9:16 ` Rusty Russell -1 siblings, 0 replies; 11+ messages in thread From: Rusty Russell @ 2012-10-15 9:16 UTC (permalink / raw) To: Linus Torvalds Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg Linus Torvalds <torvalds@linux-foundation.org> writes: > On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote: >> >> ---------------------------------------------------------------- >> module signing is the highlight, but it's an all-over David Howells frenzy... >> >> ---------------------------------------------------------------- > > Hmm. What happened here? It *looks* from your pull request like you > had a tag, and you usually do, but there's no tag anywhere.. > > I've pulled and resolved the branch, and I'm going through it now, but > I'd like this verified before I push out if it all looks fine.. > > Linus Ah, I missed pushing the tag. I used to fabricate a git tree for you from my quilt series, and that script did the right thing. Thanks, Rusty. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PULL] modules @ 2012-10-15 9:16 ` Rusty Russell 0 siblings, 0 replies; 11+ messages in thread From: Rusty Russell @ 2012-10-15 9:16 UTC (permalink / raw) To: Linus Torvalds Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg Linus Torvalds <torvalds@linux-foundation.org> writes: > On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote: >> >> ---------------------------------------------------------------- >> module signing is the highlight, but it's an all-over David Howells frenzy... >> >> ---------------------------------------------------------------- > > Hmm. What happened here? It *looks* from your pull request like you > had a tag, and you usually do, but there's no tag anywhere.. > > I've pulled and resolved the branch, and I'm going through it now, but > I'd like this verified before I push out if it all looks fine.. > > Linus Ah, I missed pushing the tag. I used to fabricate a git tree for you from my quilt series, and that script did the right thing. Thanks, Rusty. ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2012-10-15 11:48 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-10-10 9:57 [PULL] modules Rusty Russell 2012-10-10 9:57 ` Rusty Russell 2012-10-14 20:11 ` Linus Torvalds 2012-10-14 20:11 ` Linus Torvalds 2012-10-14 20:53 ` Linus Torvalds 2012-10-14 20:53 ` Linus Torvalds 2012-10-14 21:27 ` Alan Cox 2012-10-15 7:50 ` FIPS-mode panic? (was Re: [PULL] modules) David Howells 2012-10-15 11:28 ` Stephan Mueller 2012-10-15 9:16 ` [PULL] modules Rusty Russell 2012-10-15 9:16 ` Rusty Russell
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.