* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function [not found] ` <20181017060851.r5mxvpq3l2ycvpio@gondor.apana.org.au> @ 2018-11-03 5:51 ` Vitaly Chikunov 2018-11-05 12:48 ` Mimi Zohar 0 siblings, 1 reply; 4+ messages in thread From: Vitaly Chikunov @ 2018-11-03 5:51 UTC (permalink / raw) To: Herbert Xu Cc: David S. Miller, linux-crypto, linux-kernel, linux-integrity, Mimi Zohar, Dmitry Kasatkin Herbert, On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote: > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote: > > > > It is the first part of attempts to add to the Integrity subsystem > > ability of verifying file and module signatures by Russian GOST > > algorithms. > > It would be better if these patches are posted together. That > way we don't end up with a situation where the algorithm goes into > the kernel but the ultimate user is rejected. IMA does not need any particular patching inside of their subtree to support new hash, because it is using any hash registered in Hash Info which is still under crypto subtree. I added appropriate patch into v3 which is already posted a week ago, and tested it to work correctly with ima_appraise=fix. Thanks, ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function 2018-11-03 5:51 ` [PATCH v2 0/2] crypto: streebog - add Streebog hash function Vitaly Chikunov @ 2018-11-05 12:48 ` Mimi Zohar 2018-11-05 12:55 ` Vitaly Chikunov 0 siblings, 1 reply; 4+ messages in thread From: Mimi Zohar @ 2018-11-05 12:48 UTC (permalink / raw) To: Vitaly Chikunov, Herbert Xu Cc: David S. Miller, linux-crypto, linux-kernel, linux-integrity, Mimi Zohar, Dmitry Kasatkin On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote: > Herbert, > > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote: > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote: > > > > > > It is the first part of attempts to add to the Integrity subsystem > > > ability of verifying file and module signatures by Russian GOST > > > algorithms. > > > > It would be better if these patches are posted together. That > > way we don't end up with a situation where the algorithm goes into > > the kernel but the ultimate user is rejected. > > IMA does not need any particular patching inside of their subtree to > support new hash, because it is using any hash registered in Hash Info > which is still under crypto subtree. I added appropriate patch into v3 > which is already posted a week ago, and tested it to work correctly with > ima_appraise=fix. That's true, but the target subsystem should be made aware of the new usage. Thanks, Herbert. Mimi ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function 2018-11-05 12:48 ` Mimi Zohar @ 2018-11-05 12:55 ` Vitaly Chikunov 2018-11-05 13:01 ` Mimi Zohar 0 siblings, 1 reply; 4+ messages in thread From: Vitaly Chikunov @ 2018-11-05 12:55 UTC (permalink / raw) To: Mimi Zohar Cc: Herbert Xu, David S. Miller, linux-crypto, linux-kernel, linux-integrity, Mimi Zohar, Dmitry Kasatkin Mimi, On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote: > On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote: > > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote: > > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote: > > > > > > > > It is the first part of attempts to add to the Integrity subsystem > > > > ability of verifying file and module signatures by Russian GOST > > > > algorithms. > > > > > > It would be better if these patches are posted together. That > > > way we don't end up with a situation where the algorithm goes into > > > the kernel but the ultimate user is rejected. > > > > IMA does not need any particular patching inside of their subtree to > > support new hash, because it is using any hash registered in Hash Info > > which is still under crypto subtree. I added appropriate patch into v3 > > which is already posted a week ago, and tested it to work correctly with > > ima_appraise=fix. > > That's true, but the target subsystem should be made aware of the new > usage. Did you mean by re-sending the patch with Cc to linux-integrity? Or something more? Thanks, ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function 2018-11-05 12:55 ` Vitaly Chikunov @ 2018-11-05 13:01 ` Mimi Zohar 0 siblings, 0 replies; 4+ messages in thread From: Mimi Zohar @ 2018-11-05 13:01 UTC (permalink / raw) To: Vitaly Chikunov Cc: Herbert Xu, David S. Miller, linux-crypto, linux-kernel, linux-integrity, Mimi Zohar, Dmitry Kasatkin On Mon, 2018-11-05 at 15:55 +0300, Vitaly Chikunov wrote: > Mimi, > > On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote: > > On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote: > > > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote: > > > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote: > > > > > > > > > > It is the first part of attempts to add to the Integrity subsystem > > > > > ability of verifying file and module signatures by Russian GOST > > > > > algorithms. > > > > > > > > It would be better if these patches are posted together. That > > > > way we don't end up with a situation where the algorithm goes into > > > > the kernel but the ultimate user is rejected. > > > > > > IMA does not need any particular patching inside of their subtree to > > > support new hash, because it is using any hash registered in Hash Info > > > which is still under crypto subtree. I added appropriate patch into v3 > > > which is already posted a week ago, and tested it to work correctly with > > > ima_appraise=fix. > > > > That's true, but the target subsystem should be made aware of the new > > usage. > > Did you mean by re-sending the patch with Cc to linux-integrity? Or > something more? Just as future reference. For now, please feel free to add my Reviewed-by on the "crypto: streebog - register Streebog in hash info for IMA" patch. Mimi ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-11-05 13:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20181010121254.12220-1-vt@altlinux.org>
[not found] ` <20181012061659.mextetc3v7urqkzx@gondor.apana.org.au>
[not found] ` <20181012064105.bchujbwoaszrcu3l@sole.flsd.net>
[not found] ` <20181017060851.r5mxvpq3l2ycvpio@gondor.apana.org.au>
2018-11-03 5:51 ` [PATCH v2 0/2] crypto: streebog - add Streebog hash function Vitaly Chikunov
2018-11-05 12:48 ` Mimi Zohar
2018-11-05 12:55 ` Vitaly Chikunov
2018-11-05 13:01 ` Mimi Zohar
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).