Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-4.15.y 2017-11-03T14:11:23Z 2017-11-03T14:11:23Z Gilad Ben-Yossef gilad@benyossef.com 2017-10-18T07:00:52Z urn:sha1:aba973c69e3658e3190d8983eed7dddd3c44dd1e The code sample is waiting for an async. crypto op completion. Adapt sample to use the new generic infrastructure to do the same. This also fixes a possible data coruption bug created by the use of wait_for_completion_interruptible() without dealing correctly with an interrupt aborting the wait prior to the async op finishing. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-07-14T01:01:38Z Mat Martineau mathew.j.martineau@linux.intel.com 2017-07-13T12:17:03Z urn:sha1:7228b66aaf723a623e578aa4db7d083bb39546c9 Provide more specific examples of keyring restrictions as applied to X.509 signature chain verification. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2017-07-05T19:22:23Z Linus Torvalds torvalds@linux-foundation.org 2017-07-05T19:22:23Z urn:sha1:8ad06e56dcbc1984ef0ff8f6e3c19982c5809f73 Pull crypto updates from Herbert Xu: "Algorithms: - add private key generation to ecdh Drivers: - add generic gcm(aes) to aesni-intel - add SafeXcel EIP197 crypto engine driver - add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium - add support for CNN55XX adapters in cavium - add ctr mode to chcr - add support for gcm(aes) to omap" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits) crypto: testmgr - Reenable sha1/aes in FIPS mode crypto: ccp - Release locks before returning crypto: cavium/nitrox - dma_mapping_error() returns bool crypto: doc - fix typo in docs Documentation/bindings: Document the SafeXel cryptographic engine driver crypto: caam - fix gfp allocation flags (part II) crypto: caam - fix gfp allocation flags (part I) crypto: drbg - Fixes panic in wait_for_completion call crypto: caam - make of_device_ids const. crypto: vmx - remove unnecessary check crypto: n2 - make of_device_ids const crypto: inside-secure - use the base_end pointer in ring rollback crypto: inside-secure - increase the batch size crypto: inside-secure - only dequeue when needed crypto: inside-secure - get the backlog before dequeueing the request crypto: inside-secure - stop requeueing failed requests crypto: inside-secure - use one queue per hw ring crypto: inside-secure - update the context and request later crypto: inside-secure - align the cipher and hash send functions crypto: inside-secure - optimize DSE bufferability control ... 2017-06-22T08:54:07Z Benjamin Peterson bp@benjamin.pe 2017-06-19T06:53:41Z urn:sha1:8bd1d400f6a4d1fdcf79c64012602518781573e5 Signed-off-by: Benjamin Peterson <bp@benjamin.pe> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-06-19T06:11:56Z Kamil Konieczny k.konieczny@partner.samsung.com 2017-05-12T15:38:02Z urn:sha1:ea644b8ca44b9fcbb41c58e1d51a0c8cdad0a61b - Fixed bugs in example for shash and rng (added missing "*" and " *"). - Corrected pr_info() in calc_hash(). - Added example usage of calc_hash(). - No need for negate PTR_ERR to get error code, as crypto_alloc_rng already returns negative values like ERR_PTR(-ENOMEM). Fixed. Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-05-18T17:03:08Z Jonathan Corbet corbet@lwn.net 2017-05-18T17:03:08Z urn:sha1:6312811be26f4a97fb36f53ffffafa5086833a28 Mauro says: This patch series convert the remaining DocBooks to ReST. The first version was originally send as 3 patch series: [PATCH 00/36] Convert DocBook documents to ReST [PATCH 0/5] Convert more books to ReST [PATCH 00/13] Get rid of DocBook The lsm book was added as if it were a text file under Documentation. The plan is to merge it with another file under Documentation/security, after both this series and a security Documentation patch series gets merged. It also adjusts some Sphinx-pedantic errors/warnings on some kernel-doc markups. I also added some patches here to add PDF output for all existing ReST books. 2017-05-18T16:33:42Z Kees Cook keescook@chromium.org 2017-05-13T11:51:50Z urn:sha1:b68101a1e8f0263dbc7b8375d2a7c57c6216fb76 This creates a new section in the security development index for kernel keys, and adjusts for ReST markup. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2017-05-16T11:44:06Z Mauro Carvalho Chehab mchehab@s-opensource.com 2017-05-12T09:14:08Z urn:sha1:8db0b75f4262edc7bb5d25137c2780d9c3186288 The crypto API book was added without the bits required to generate PDF output. Add them. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 2017-05-03T15:50:52Z Linus Torvalds torvalds@linux-foundation.org 2017-05-03T15:50:52Z urn:sha1:0302e28dee643932ee7b3c112ebccdbb9f8ec32c Pull security subsystem updates from James Morris: "Highlights: IMA: - provide ">" and "<" operators for fowner/uid/euid rules KEYS: - add a system blacklist keyring - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via keyctl() LSM: - harden LSM API with __ro_after_init - add prlmit security hook, implement for SELinux - revive security_task_alloc hook TPM: - implement contextual TPM command 'spaces'" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits) tpm: Fix reference count to main device tpm_tis: convert to using locality callbacks tpm: fix handling of the TPM 2.0 event logs tpm_crb: remove a cruft constant keys: select CONFIG_CRYPTO when selecting DH / KDF apparmor: Make path_max parameter readonly apparmor: fix parameters so that the permission test is bypassed at boot apparmor: fix invalid reference to index variable of iterator line 836 apparmor: use SHASH_DESC_ON_STACK security/apparmor/lsm.c: set debug messages apparmor: fix boolreturn.cocci warnings Smack: Use GFP_KERNEL for smk_netlbl_mls(). smack: fix double free in smack_parse_opts_str() KEYS: add SP800-56A KDF support for DH KEYS: Keyring asymmetric key restrict method with chaining KEYS: Restrict asymmetric key linkage using a specific keychain KEYS: Add a lookup_restriction function for the asymmetric key type KEYS: Add KEYCTL_RESTRICT_KEYRING KEYS: Consistent ordering for __key_link_begin and restrict check KEYS: Add an optional lookup_restriction hook to key_type ... 2017-04-04T21:10:13Z Mat Martineau mathew.j.martineau@linux.intel.com 2016-10-04T23:42:45Z urn:sha1:8e323a02e866014091180443ccb186fee1e3d30d Add a restrict_link_by_key_or_keyring_chain link restriction that searches for signing keys in the destination keyring in addition to the signing key or keyring designated when the destination keyring was created. Userspace enables this behavior by including the "chain" option in the keyring restriction: keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric", "key_or_keyring:<signing key>:chain"); Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>