Update modsign and include secure boot
- Update modsign patch to latest upstream - Add initial UEFI Secure Boot patchset. Work in progress.
This commit is contained in:
parent
e5daab5438
commit
306dfccc03
16
kernel.spec
16
kernel.spec
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 1
|
%global baserelease 2
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
@ -672,7 +672,10 @@ Patch700: linux-2.6-e1000-ich9-montevina.patch
|
|||||||
Patch800: linux-2.6-crash-driver.patch
|
Patch800: linux-2.6-crash-driver.patch
|
||||||
|
|
||||||
# crypto/
|
# crypto/
|
||||||
Patch900: modsign-20120718.patch
|
Patch900: modsign-20120724.patch
|
||||||
|
|
||||||
|
# secure boot
|
||||||
|
Patch1000: secure-boot-20120724.patch
|
||||||
|
|
||||||
# virt + ksm patches
|
# virt + ksm patches
|
||||||
Patch1555: fix_xen_guest_on_old_EC2.patch
|
Patch1555: fix_xen_guest_on_old_EC2.patch
|
||||||
@ -1374,7 +1377,10 @@ ApplyPatch linux-2.6-crash-driver.patch
|
|||||||
ApplyPatch linux-2.6-e1000-ich9-montevina.patch
|
ApplyPatch linux-2.6-e1000-ich9-montevina.patch
|
||||||
|
|
||||||
# crypto/
|
# crypto/
|
||||||
ApplyPatch modsign-20120718.patch
|
ApplyPatch modsign-20120724.patch
|
||||||
|
|
||||||
|
# secure boot
|
||||||
|
ApplyPatch secure-boot-20120724.patch
|
||||||
|
|
||||||
# Assorted Virt Fixes
|
# Assorted Virt Fixes
|
||||||
ApplyPatch fix_xen_guest_on_old_EC2.patch
|
ApplyPatch fix_xen_guest_on_old_EC2.patch
|
||||||
@ -2295,6 +2301,10 @@ fi
|
|||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 24 2012 Josh Boyer <jwboyer@redhat.com>
|
||||||
|
- Update modsign patch to latest upstream
|
||||||
|
- Add initial UEFI Secure Boot patchset. Work in progress.
|
||||||
|
|
||||||
* Tue Jul 24 2012 Justin M. Forbes <jforbes@redhat.com> - 3.6.0-0.rc0.git1.1
|
* Tue Jul 24 2012 Justin M. Forbes <jforbes@redhat.com> - 3.6.0-0.rc0.git1.1
|
||||||
- Linux v3.5-1643-gf0a08fc
|
- Linux v3.5-1643-gf0a08fc
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
From d1ff3781d12ad616073b4f1f3b04cef22d8c7c21 Mon Sep 17 00:00:00 2001
|
From d012ed16fd7eff5498ddd9be8ad9960a644db518 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 13:12:20 +0100
|
Date: Tue, 24 Jul 2012 13:59:15 +0100
|
||||||
Subject: [PATCH 01/27] MPILIB: Provide count_leading/trailing_zeros() based
|
Subject: [PATCH 01/27] MPILIB: Provide count_leading/trailing_zeros() based
|
||||||
on arch functions
|
on arch functions
|
||||||
|
|
||||||
@ -17,14 +17,11 @@ Cc: David S. Miller <davem@davemloft.net>
|
|||||||
Cc: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
|
Cc: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
|
||||||
Cc: Arnd Bergmann <arnd@arndb.com>
|
Cc: Arnd Bergmann <arnd@arndb.com>
|
||||||
---
|
---
|
||||||
include/asm-generic/bitops/count_zeros.h | 57 ++++++++++++
|
include/asm-generic/bitops/count_zeros.h | 57 +++++++++++++
|
||||||
lib/mpi/longlong.h | 138 +-----------------------------
|
lib/mpi/longlong.h | 138 +------------------------------
|
||||||
lib/mpi/mpi-bit.c | 2 +-
|
lib/mpi/mpi-bit.c | 2 +-
|
||||||
lib/mpi/mpi-div.c | 2 +-
|
|
||||||
lib/mpi/mpi-pow.c | 4 +-
|
lib/mpi/mpi-pow.c | 4 +-
|
||||||
lib/mpi/mpi-scan.c | 2 +-
|
4 files changed, 62 insertions(+), 139 deletions(-)
|
||||||
lib/mpi/mpih-div.c | 8 +-
|
|
||||||
7 files changed, 68 insertions(+), 145 deletions(-)
|
|
||||||
create mode 100644 include/asm-generic/bitops/count_zeros.h
|
create mode 100644 include/asm-generic/bitops/count_zeros.h
|
||||||
|
|
||||||
diff --git a/include/asm-generic/bitops/count_zeros.h b/include/asm-generic/bitops/count_zeros.h
|
diff --git a/include/asm-generic/bitops/count_zeros.h b/include/asm-generic/bitops/count_zeros.h
|
||||||
@ -324,7 +321,7 @@ index 29f9862..678ce4f 100644
|
|||||||
#define UDIV_NEEDS_NORMALIZATION 0
|
#define UDIV_NEEDS_NORMALIZATION 0
|
||||||
#endif
|
#endif
|
||||||
diff --git a/lib/mpi/mpi-bit.c b/lib/mpi/mpi-bit.c
|
diff --git a/lib/mpi/mpi-bit.c b/lib/mpi/mpi-bit.c
|
||||||
index 0c50536..3fc00bf 100644
|
index 5687248..503537e 100644
|
||||||
--- a/lib/mpi/mpi-bit.c
|
--- a/lib/mpi/mpi-bit.c
|
||||||
+++ b/lib/mpi/mpi-bit.c
|
+++ b/lib/mpi/mpi-bit.c
|
||||||
@@ -45,7 +45,7 @@ unsigned mpi_get_nbits(MPI a)
|
@@ -45,7 +45,7 @@ unsigned mpi_get_nbits(MPI a)
|
||||||
@ -336,19 +333,6 @@ index 0c50536..3fc00bf 100644
|
|||||||
else
|
else
|
||||||
n = BITS_PER_MPI_LIMB;
|
n = BITS_PER_MPI_LIMB;
|
||||||
n = BITS_PER_MPI_LIMB - n + (a->nlimbs - 1) * BITS_PER_MPI_LIMB;
|
n = BITS_PER_MPI_LIMB - n + (a->nlimbs - 1) * BITS_PER_MPI_LIMB;
|
||||||
diff --git a/lib/mpi/mpi-div.c b/lib/mpi/mpi-div.c
|
|
||||||
index f68cbbb..51f105c 100644
|
|
||||||
--- a/lib/mpi/mpi-div.c
|
|
||||||
+++ b/lib/mpi/mpi-div.c
|
|
||||||
@@ -217,7 +217,7 @@ int mpi_tdiv_qr(MPI quot, MPI rem, MPI num, MPI den)
|
|
||||||
} else /* Put quotient at top of remainder. */
|
|
||||||
qp = rp + dsize;
|
|
||||||
|
|
||||||
- count_leading_zeros(normalization_steps, dp[dsize - 1]);
|
|
||||||
+ normalization_steps = count_leading_zeros(dp[dsize - 1]);
|
|
||||||
|
|
||||||
/* Normalize the denominator, i.e. make its most significant bit set by
|
|
||||||
* shifting it NORMALIZATION_STEPS bits to the left. Also shift the
|
|
||||||
diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c
|
diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c
|
||||||
index 67f3e79..5464c87 100644
|
index 67f3e79..5464c87 100644
|
||||||
--- a/lib/mpi/mpi-pow.c
|
--- a/lib/mpi/mpi-pow.c
|
||||||
@ -371,66 +355,13 @@ index 67f3e79..5464c87 100644
|
|||||||
e = (e << c) << 1; /* shift the exp bits to the left, lose msb */
|
e = (e << c) << 1; /* shift the exp bits to the left, lose msb */
|
||||||
c = BITS_PER_MPI_LIMB - 1 - c;
|
c = BITS_PER_MPI_LIMB - 1 - c;
|
||||||
|
|
||||||
diff --git a/lib/mpi/mpi-scan.c b/lib/mpi/mpi-scan.c
|
|
||||||
index b2da5ad..58556b5 100644
|
|
||||||
--- a/lib/mpi/mpi-scan.c
|
|
||||||
+++ b/lib/mpi/mpi-scan.c
|
|
||||||
@@ -125,7 +125,7 @@ unsigned mpi_trailing_zeros(const MPI a)
|
|
||||||
unsigned nn;
|
|
||||||
mpi_limb_t alimb = a->d[n];
|
|
||||||
|
|
||||||
- count_trailing_zeros(nn, alimb);
|
|
||||||
+ nn = count_trailing_zeros(alimb);
|
|
||||||
count += nn;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
diff --git a/lib/mpi/mpih-div.c b/lib/mpi/mpih-div.c
|
|
||||||
index cde1aae..d6483792 100644
|
|
||||||
--- a/lib/mpi/mpih-div.c
|
|
||||||
+++ b/lib/mpi/mpih-div.c
|
|
||||||
@@ -65,7 +65,7 @@ mpihelp_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
|
|
||||||
&& (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME) {
|
|
||||||
int normalization_steps;
|
|
||||||
|
|
||||||
- count_leading_zeros(normalization_steps, divisor_limb);
|
|
||||||
+ normalization_steps = count_leading_zeros(divisor_limb);
|
|
||||||
if (normalization_steps) {
|
|
||||||
mpi_limb_t divisor_limb_inverted;
|
|
||||||
|
|
||||||
@@ -142,7 +142,7 @@ mpihelp_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
|
|
||||||
if (UDIV_NEEDS_NORMALIZATION) {
|
|
||||||
int normalization_steps;
|
|
||||||
|
|
||||||
- count_leading_zeros(normalization_steps, divisor_limb);
|
|
||||||
+ normalization_steps = count_leading_zeros(divisor_limb);
|
|
||||||
if (normalization_steps) {
|
|
||||||
divisor_limb <<= normalization_steps;
|
|
||||||
|
|
||||||
@@ -421,7 +421,7 @@ mpihelp_divmod_1(mpi_ptr_t quot_ptr,
|
|
||||||
&& (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME) {
|
|
||||||
int normalization_steps;
|
|
||||||
|
|
||||||
- count_leading_zeros(normalization_steps, divisor_limb);
|
|
||||||
+ normalization_steps = count_leading_zeros(divisor_limb);
|
|
||||||
if (normalization_steps) {
|
|
||||||
mpi_limb_t divisor_limb_inverted;
|
|
||||||
|
|
||||||
@@ -496,7 +496,7 @@ mpihelp_divmod_1(mpi_ptr_t quot_ptr,
|
|
||||||
if (UDIV_NEEDS_NORMALIZATION) {
|
|
||||||
int normalization_steps;
|
|
||||||
|
|
||||||
- count_leading_zeros(normalization_steps, divisor_limb);
|
|
||||||
+ normalization_steps = count_leading_zeros(divisor_limb);
|
|
||||||
if (normalization_steps) {
|
|
||||||
divisor_limb <<= normalization_steps;
|
|
||||||
|
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 7611bb8e543cb2255c69bfb5edd85ed0d2cdb9e9 Mon Sep 17 00:00:00 2001
|
From e2faf6ee3cc2f8cfe1c18e8d31eaf01fa653fd79 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 13:12:20 +0100
|
Date: Tue, 24 Jul 2012 13:59:51 +0100
|
||||||
Subject: [PATCH 02/27] KEYS: Create a key type that can be used for general
|
Subject: [PATCH 02/27] KEYS: Create a key type that can be used for general
|
||||||
cryptographic operations
|
cryptographic operations
|
||||||
|
|
||||||
@ -442,7 +373,7 @@ algorithms.
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
Documentation/security/keys-crypto.txt | 181 +++++++++++++++++++++++++
|
Documentation/security/keys-crypto.txt | 181 ++++++++++++++++++++++++++
|
||||||
include/keys/crypto-subtype.h | 56 ++++++++
|
include/keys/crypto-subtype.h | 56 ++++++++
|
||||||
include/keys/crypto-type.h | 25 ++++
|
include/keys/crypto-type.h | 25 ++++
|
||||||
security/keys/Kconfig | 2 +
|
security/keys/Kconfig | 2 +
|
||||||
@ -450,7 +381,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
security/keys/crypto/Kconfig | 7 +
|
security/keys/crypto/Kconfig | 7 +
|
||||||
security/keys/crypto/Makefile | 7 +
|
security/keys/crypto/Makefile | 7 +
|
||||||
security/keys/crypto/crypto_keys.h | 28 ++++
|
security/keys/crypto/crypto_keys.h | 28 ++++
|
||||||
security/keys/crypto/crypto_type.c | 228 ++++++++++++++++++++++++++++++++
|
security/keys/crypto/crypto_type.c | 228 +++++++++++++++++++++++++++++++++
|
||||||
9 files changed, 535 insertions(+)
|
9 files changed, 535 insertions(+)
|
||||||
create mode 100644 Documentation/security/keys-crypto.txt
|
create mode 100644 Documentation/security/keys-crypto.txt
|
||||||
create mode 100644 include/keys/crypto-subtype.h
|
create mode 100644 include/keys/crypto-subtype.h
|
||||||
@ -1054,12 +985,12 @@ index 0000000..33d279b
|
|||||||
+module_init(crypto_key_init);
|
+module_init(crypto_key_init);
|
||||||
+module_exit(crypto_key_cleanup);
|
+module_exit(crypto_key_cleanup);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 23d7c6d8927420846af94823a90de1c24120bfea Mon Sep 17 00:00:00 2001
|
From f7b41b16f3c6d24b46100b259a83c50615be5a23 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 13:12:20 +0100
|
Date: Tue, 24 Jul 2012 13:59:51 +0100
|
||||||
Subject: [PATCH 03/27] KEYS: Add signature verification facility
|
Subject: [PATCH 03/27] KEYS: Add signature verification facility
|
||||||
|
|
||||||
Add a facility whereby a key subtype may be asked to verify a signature against
|
Add a facility whereby a key subtype may be asked to verify a signature against
|
||||||
@ -1092,11 +1023,11 @@ This adds four routines:
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
Documentation/security/keys-crypto.txt | 101 ++++++++++++++++++++++++++++
|
Documentation/security/keys-crypto.txt | 101 +++++++++++++++++++++++++++++
|
||||||
include/keys/crypto-subtype.h | 21 ++++++
|
include/keys/crypto-subtype.h | 21 +++++++
|
||||||
include/keys/crypto-type.h | 9 +++
|
include/keys/crypto-type.h | 9 +++
|
||||||
security/keys/crypto/Makefile | 2 +-
|
security/keys/crypto/Makefile | 2 +-
|
||||||
security/keys/crypto/crypto_verify.c | 112 ++++++++++++++++++++++++++++++++
|
security/keys/crypto/crypto_verify.c | 112 +++++++++++++++++++++++++++++++++
|
||||||
5 files changed, 244 insertions(+), 1 deletion(-)
|
5 files changed, 244 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 security/keys/crypto/crypto_verify.c
|
create mode 100644 security/keys/crypto/crypto_verify.c
|
||||||
|
|
||||||
@ -1428,12 +1359,12 @@ index 0000000..3f2964b
|
|||||||
+}
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(verify_sig_cancel);
|
+EXPORT_SYMBOL_GPL(verify_sig_cancel);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 2fd136dec4682c1fa2609a7a94cf0353c334615c Mon Sep 17 00:00:00 2001
|
From dfa8292f4527f46cabbbd64bd89766ac1dbe6546 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 13:12:20 +0100
|
Date: Tue, 24 Jul 2012 13:59:52 +0100
|
||||||
Subject: [PATCH 04/27] KEYS: Asymmetric public-key algorithm crypto key
|
Subject: [PATCH 04/27] KEYS: Asymmetric public-key algorithm crypto key
|
||||||
subtype
|
subtype
|
||||||
|
|
||||||
@ -1444,8 +1375,8 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
---
|
---
|
||||||
security/keys/crypto/Kconfig | 10 ++++
|
security/keys/crypto/Kconfig | 10 ++++
|
||||||
security/keys/crypto/Makefile | 3 +-
|
security/keys/crypto/Makefile | 3 +-
|
||||||
security/keys/crypto/public_key.c | 55 +++++++++++++++++++
|
security/keys/crypto/public_key.c | 55 ++++++++++++++++++++
|
||||||
security/keys/crypto/public_key.h | 106 +++++++++++++++++++++++++++++++++++++
|
security/keys/crypto/public_key.h | 106 ++++++++++++++++++++++++++++++++++++++
|
||||||
4 files changed, 173 insertions(+), 1 deletion(-)
|
4 files changed, 173 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 security/keys/crypto/public_key.c
|
create mode 100644 security/keys/crypto/public_key.c
|
||||||
create mode 100644 security/keys/crypto/public_key.h
|
create mode 100644 security/keys/crypto/public_key.h
|
||||||
@ -1654,45 +1585,120 @@ index 0000000..81ed603
|
|||||||
+
|
+
|
||||||
+#endif /* _LINUX_PUBLIC_KEY_H */
|
+#endif /* _LINUX_PUBLIC_KEY_H */
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From ba785b97c90fc4403b2124dc2cecc842ba49be54 Mon Sep 17 00:00:00 2001
|
From 0a8e7f4cc41d3cddf8a2367b1f0ed2bb1f6ccc91 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 13:12:21 +0100
|
Date: Tue, 24 Jul 2012 14:10:37 +0100
|
||||||
Subject: [PATCH 05/27] KEYS: RSA: Add exports from MPILIB
|
Subject: [PATCH 05/27] MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA
|
||||||
|
signature verification
|
||||||
|
|
||||||
Export mpi_cmp() and mpi_cmp_ui() from the MPI library for use by RSA.
|
Reinstate and export mpi_cmp() and mpi_cmp_ui() from the MPI library for use by
|
||||||
|
RSA signature verification as per RFC3447 section 5.2.2 step 1.
|
||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
lib/mpi/mpi-cmp.c | 2 ++
|
lib/mpi/Makefile | 1 +
|
||||||
1 file changed, 2 insertions(+)
|
lib/mpi/mpi-cmp.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 71 insertions(+)
|
||||||
|
create mode 100644 lib/mpi/mpi-cmp.c
|
||||||
|
|
||||||
|
diff --git a/lib/mpi/Makefile b/lib/mpi/Makefile
|
||||||
|
index 45ca90a..019a68c 100644
|
||||||
|
--- a/lib/mpi/Makefile
|
||||||
|
+++ b/lib/mpi/Makefile
|
||||||
|
@@ -14,6 +14,7 @@ mpi-y = \
|
||||||
|
generic_mpih-add1.o \
|
||||||
|
mpicoder.o \
|
||||||
|
mpi-bit.o \
|
||||||
|
+ mpi-cmp.o \
|
||||||
|
mpih-cmp.o \
|
||||||
|
mpih-div.o \
|
||||||
|
mpih-mul.o \
|
||||||
diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c
|
diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c
|
||||||
index 914bc42..1871e7b 100644
|
new file mode 100644
|
||||||
--- a/lib/mpi/mpi-cmp.c
|
index 0000000..1871e7b
|
||||||
|
--- /dev/null
|
||||||
+++ b/lib/mpi/mpi-cmp.c
|
+++ b/lib/mpi/mpi-cmp.c
|
||||||
@@ -39,6 +39,7 @@ int mpi_cmp_ui(MPI u, unsigned long v)
|
@@ -0,0 +1,70 @@
|
||||||
else
|
+/* mpi-cmp.c - MPI functions
|
||||||
return -1;
|
+ * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
|
||||||
}
|
+ *
|
||||||
|
+ * This file is part of GnuPG.
|
||||||
|
+ *
|
||||||
|
+ * GnuPG is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * GnuPG is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License
|
||||||
|
+ * along with this program; if not, write to the Free Software
|
||||||
|
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include "mpi-internal.h"
|
||||||
|
+
|
||||||
|
+int mpi_cmp_ui(MPI u, unsigned long v)
|
||||||
|
+{
|
||||||
|
+ mpi_limb_t limb = v;
|
||||||
|
+
|
||||||
|
+ mpi_normalize(u);
|
||||||
|
+ if (!u->nlimbs && !limb)
|
||||||
|
+ return 0;
|
||||||
|
+ if (u->sign)
|
||||||
|
+ return -1;
|
||||||
|
+ if (u->nlimbs > 1)
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ if (u->d[0] == limb)
|
||||||
|
+ return 0;
|
||||||
|
+ else if (u->d[0] > limb)
|
||||||
|
+ return 1;
|
||||||
|
+ else
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(mpi_cmp_ui);
|
+EXPORT_SYMBOL_GPL(mpi_cmp_ui);
|
||||||
|
+
|
||||||
int mpi_cmp(MPI u, MPI v)
|
+int mpi_cmp(MPI u, MPI v)
|
||||||
{
|
+{
|
||||||
@@ -66,3 +67,4 @@ int mpi_cmp(MPI u, MPI v)
|
+ mpi_size_t usize, vsize;
|
||||||
return 1;
|
+ int cmp;
|
||||||
return -1;
|
+
|
||||||
}
|
+ mpi_normalize(u);
|
||||||
|
+ mpi_normalize(v);
|
||||||
|
+ usize = u->nlimbs;
|
||||||
|
+ vsize = v->nlimbs;
|
||||||
|
+ if (!u->sign && v->sign)
|
||||||
|
+ return 1;
|
||||||
|
+ if (u->sign && !v->sign)
|
||||||
|
+ return -1;
|
||||||
|
+ if (usize != vsize && !u->sign && !v->sign)
|
||||||
|
+ return usize - vsize;
|
||||||
|
+ if (usize != vsize && u->sign && v->sign)
|
||||||
|
+ return vsize + usize;
|
||||||
|
+ if (!usize)
|
||||||
|
+ return 0;
|
||||||
|
+ cmp = mpihelp_cmp(u->d, v->d, usize);
|
||||||
|
+ if (!cmp)
|
||||||
|
+ return 0;
|
||||||
|
+ if ((cmp < 0 ? 1 : 0) == (u->sign ? 1 : 0))
|
||||||
|
+ return 1;
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(mpi_cmp);
|
+EXPORT_SYMBOL_GPL(mpi_cmp);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 650edd748b92eea0622ecb26a5ee81c7b582d04c Mon Sep 17 00:00:00 2001
|
From de86fda3085f6586bfd28517c07a2cd8cd4f9893 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:15:36 +0100
|
Date: Tue, 24 Jul 2012 14:10:39 +0100
|
||||||
Subject: [PATCH 06/27] KEYS: RSA: Implement signature verification algorithm
|
Subject: [PATCH 06/27] KEYS: RSA: Implement signature verification algorithm
|
||||||
[PKCS#1 / RFC3447]
|
[PKCS#1 / RFC3447]
|
||||||
|
|
||||||
@ -1704,7 +1710,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
---
|
---
|
||||||
security/keys/crypto/Kconfig | 7 +
|
security/keys/crypto/Kconfig | 7 +
|
||||||
security/keys/crypto/Makefile | 1 +
|
security/keys/crypto/Makefile | 1 +
|
||||||
security/keys/crypto/crypto_rsa.c | 264 +++++++++++++++++++++++++++++++++++++
|
security/keys/crypto/crypto_rsa.c | 264 ++++++++++++++++++++++++++++++++++++++
|
||||||
security/keys/crypto/public_key.h | 2 +
|
security/keys/crypto/public_key.h | 2 +
|
||||||
4 files changed, 274 insertions(+)
|
4 files changed, 274 insertions(+)
|
||||||
create mode 100644 security/keys/crypto/crypto_rsa.c
|
create mode 100644 security/keys/crypto/crypto_rsa.c
|
||||||
@ -2017,12 +2023,12 @@ index 81ed603..7913615 100644
|
|||||||
* Asymmetric public key data
|
* Asymmetric public key data
|
||||||
*/
|
*/
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 7da10c257377762e1a6ac747b48791cf610ba4c5 Mon Sep 17 00:00:00 2001
|
From 2363851f3eeae9ec32ee6d5f868085eb11afa717 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:15:39 +0100
|
Date: Tue, 24 Jul 2012 14:11:19 +0100
|
||||||
Subject: [PATCH 07/27] KEYS: RSA: Fix signature verification for shorter
|
Subject: [PATCH 07/27] KEYS: RSA: Fix signature verification for shorter
|
||||||
signatures
|
signatures
|
||||||
|
|
||||||
@ -2073,12 +2079,12 @@ index 845285c..a4a63be 100644
|
|||||||
ret = RSAVP1(key, sig->rsa.s, &m);
|
ret = RSAVP1(key, sig->rsa.s, &m);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 4366c59a624398d1aba4d6651191ba880da9e694 Mon Sep 17 00:00:00 2001
|
From edfd057d757164e207edfb3d3affa87cf0b126e6 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:15:52 +0100
|
Date: Tue, 24 Jul 2012 14:11:19 +0100
|
||||||
Subject: [PATCH 08/27] PGPLIB: PGP definitions (RFC 4880)
|
Subject: [PATCH 08/27] PGPLIB: PGP definitions (RFC 4880)
|
||||||
|
|
||||||
Provide some useful PGP definitions from RFC 4880. These describe details of
|
Provide some useful PGP definitions from RFC 4880. These describe details of
|
||||||
@ -2087,7 +2093,7 @@ verification.
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
include/linux/pgp.h | 206 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
include/linux/pgp.h | 206 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
1 file changed, 206 insertions(+)
|
1 file changed, 206 insertions(+)
|
||||||
create mode 100644 include/linux/pgp.h
|
create mode 100644 include/linux/pgp.h
|
||||||
|
|
||||||
@ -2304,12 +2310,12 @@ index 0000000..1359f64
|
|||||||
+
|
+
|
||||||
+#endif /* _LINUX_PGP_H */
|
+#endif /* _LINUX_PGP_H */
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 0409a338e01de5025cec2a1b291442651163aafd Mon Sep 17 00:00:00 2001
|
From 36f2b76a6ee5c6d86f6d7725ead9e5252b1d29a6 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:17:46 +0100
|
Date: Tue, 24 Jul 2012 14:11:20 +0100
|
||||||
Subject: [PATCH 09/27] PGPLIB: Basic packet parser
|
Subject: [PATCH 09/27] PGPLIB: Basic packet parser
|
||||||
|
|
||||||
Provide a simple parser that extracts the packets from a PGP packet blob and
|
Provide a simple parser that extracts the packets from a PGP packet blob and
|
||||||
@ -2334,7 +2340,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
include/linux/pgplib.h | 47 +++++++
|
include/linux/pgplib.h | 47 +++++++
|
||||||
security/keys/crypto/Kconfig | 6 +
|
security/keys/crypto/Kconfig | 6 +
|
||||||
security/keys/crypto/Makefile | 1 +
|
security/keys/crypto/Makefile | 1 +
|
||||||
security/keys/crypto/pgp_library.c | 268 ++++++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_library.c | 268 +++++++++++++++++++++++++++++++++++++
|
||||||
4 files changed, 322 insertions(+)
|
4 files changed, 322 insertions(+)
|
||||||
create mode 100644 include/linux/pgplib.h
|
create mode 100644 include/linux/pgplib.h
|
||||||
create mode 100644 security/keys/crypto/pgp_library.c
|
create mode 100644 security/keys/crypto/pgp_library.c
|
||||||
@ -2690,12 +2696,12 @@ index 0000000..af396d6
|
|||||||
+}
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(pgp_parse_public_key);
|
+EXPORT_SYMBOL_GPL(pgp_parse_public_key);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 2a76433139dbdc6d57d38da6ceb79ce05ab603a4 Mon Sep 17 00:00:00 2001
|
From 6f830b85b1e32e44291c2bdff6b936025c48b40d Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:21:24 +0100
|
Date: Tue, 24 Jul 2012 14:11:20 +0100
|
||||||
Subject: [PATCH 10/27] PGPLIB: Signature parser
|
Subject: [PATCH 10/27] PGPLIB: Signature parser
|
||||||
|
|
||||||
Provide some PGP signature parsing helpers:
|
Provide some PGP signature parsing helpers:
|
||||||
@ -2715,7 +2721,7 @@ Provide some PGP signature parsing helpers:
|
|||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
include/linux/pgplib.h | 25 ++++
|
include/linux/pgplib.h | 25 ++++
|
||||||
security/keys/crypto/pgp_library.c | 280 ++++++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_library.c | 280 +++++++++++++++++++++++++++++++++++++
|
||||||
2 files changed, 305 insertions(+)
|
2 files changed, 305 insertions(+)
|
||||||
|
|
||||||
diff --git a/include/linux/pgplib.h b/include/linux/pgplib.h
|
diff --git a/include/linux/pgplib.h b/include/linux/pgplib.h
|
||||||
@ -3043,12 +3049,12 @@ index af396d6..c9218df 100644
|
|||||||
+}
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(pgp_parse_sig_params);
|
+EXPORT_SYMBOL_GPL(pgp_parse_sig_params);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 91a05bc308c1e177410882a119f388d3b6b53c22 Mon Sep 17 00:00:00 2001
|
From c0e901a1ce72ddf259de219506327271cf3bb700 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:21:26 +0100
|
Date: Tue, 24 Jul 2012 14:11:21 +0100
|
||||||
Subject: [PATCH 11/27] KEYS: PGP data parser
|
Subject: [PATCH 11/27] KEYS: PGP data parser
|
||||||
|
|
||||||
Implement a PGP data parser for the crypto key type to use when instantiating a
|
Implement a PGP data parser for the crypto key type to use when instantiating a
|
||||||
@ -3069,7 +3075,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
security/keys/crypto/Kconfig | 12 ++
|
security/keys/crypto/Kconfig | 12 ++
|
||||||
security/keys/crypto/Makefile | 4 +
|
security/keys/crypto/Makefile | 4 +
|
||||||
security/keys/crypto/pgp_parser.h | 23 +++
|
security/keys/crypto/pgp_parser.h | 23 +++
|
||||||
security/keys/crypto/pgp_public_key.c | 348 +++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_public_key.c | 348 ++++++++++++++++++++++++++++++++++
|
||||||
4 files changed, 387 insertions(+)
|
4 files changed, 387 insertions(+)
|
||||||
create mode 100644 security/keys/crypto/pgp_parser.h
|
create mode 100644 security/keys/crypto/pgp_parser.h
|
||||||
create mode 100644 security/keys/crypto/pgp_public_key.c
|
create mode 100644 security/keys/crypto/pgp_public_key.c
|
||||||
@ -3490,12 +3496,12 @@ index 0000000..8a8b7c0
|
|||||||
+module_init(pgp_key_init);
|
+module_init(pgp_key_init);
|
||||||
+module_exit(pgp_key_exit);
|
+module_exit(pgp_key_exit);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 14191eaae2f9ccba2563a4bf9c30ffcbf153f521 Mon Sep 17 00:00:00 2001
|
From b830627f3b864530540ad88df21d2ceefcba7459 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:22:19 +0100
|
Date: Tue, 24 Jul 2012 14:11:21 +0100
|
||||||
Subject: [PATCH 12/27] KEYS: PGP-based public key signature verification
|
Subject: [PATCH 12/27] KEYS: PGP-based public key signature verification
|
||||||
|
|
||||||
Provide handlers for PGP-based public-key algorithm signature verification.
|
Provide handlers for PGP-based public-key algorithm signature verification.
|
||||||
@ -3510,7 +3516,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
---
|
---
|
||||||
security/keys/crypto/Makefile | 3 +-
|
security/keys/crypto/Makefile | 3 +-
|
||||||
security/keys/crypto/pgp_parser.h | 6 +
|
security/keys/crypto/pgp_parser.h | 6 +
|
||||||
security/keys/crypto/pgp_sig_verify.c | 325 +++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_sig_verify.c | 325 ++++++++++++++++++++++++++++++++++
|
||||||
3 files changed, 333 insertions(+), 1 deletion(-)
|
3 files changed, 333 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 security/keys/crypto/pgp_sig_verify.c
|
create mode 100644 security/keys/crypto/pgp_sig_verify.c
|
||||||
|
|
||||||
@ -3871,12 +3877,12 @@ index 0000000..82c89da
|
|||||||
+ kleave("");
|
+ kleave("");
|
||||||
+}
|
+}
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 3ca6d54c9bbd0633b7f8e1b033c7d8b2ebe85489 Mon Sep 17 00:00:00 2001
|
From fbd1b578b58a197da42428fda49654d38c794f31 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:22:40 +0100
|
Date: Tue, 24 Jul 2012 14:11:21 +0100
|
||||||
Subject: [PATCH 13/27] KEYS: PGP format signature parser
|
Subject: [PATCH 13/27] KEYS: PGP format signature parser
|
||||||
|
|
||||||
Implement a signature parser that will attempt to parse a signature blob as a
|
Implement a signature parser that will attempt to parse a signature blob as a
|
||||||
@ -3888,7 +3894,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
security/keys/crypto/Makefile | 1 +
|
security/keys/crypto/Makefile | 1 +
|
||||||
security/keys/crypto/pgp_parser.h | 6 ++
|
security/keys/crypto/pgp_parser.h | 6 ++
|
||||||
security/keys/crypto/pgp_public_key.c | 1 +
|
security/keys/crypto/pgp_public_key.c | 1 +
|
||||||
security/keys/crypto/pgp_sig_parser.c | 114 +++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_sig_parser.c | 114 ++++++++++++++++++++++++++++++++++
|
||||||
4 files changed, 122 insertions(+)
|
4 files changed, 122 insertions(+)
|
||||||
create mode 100644 security/keys/crypto/pgp_sig_parser.c
|
create mode 100644 security/keys/crypto/pgp_sig_parser.c
|
||||||
|
|
||||||
@ -4052,12 +4058,12 @@ index 0000000..f5feb2b
|
|||||||
+ return ctx;
|
+ return ctx;
|
||||||
+}
|
+}
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 30a028f485bd476ef3ad73fbb042a55b4851c966 Mon Sep 17 00:00:00 2001
|
From a04615b5ce4ae2e6e0f1932cd697b6a3d41cb9f8 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:22:59 +0100
|
Date: Tue, 24 Jul 2012 14:11:21 +0100
|
||||||
Subject: [PATCH 14/27] KEYS: Provide a function to load keys from a PGP
|
Subject: [PATCH 14/27] KEYS: Provide a function to load keys from a PGP
|
||||||
keyring blob
|
keyring blob
|
||||||
|
|
||||||
@ -4084,10 +4090,10 @@ out some errors.
|
|||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
Documentation/security/keys-crypto.txt | 20 +++++++
|
Documentation/security/keys-crypto.txt | 20 +++++++
|
||||||
include/keys/crypto-type.h | 3 +
|
include/keys/crypto-type.h | 3 ++
|
||||||
security/keys/crypto/Kconfig | 9 +++
|
security/keys/crypto/Kconfig | 9 ++++
|
||||||
security/keys/crypto/Makefile | 1 +
|
security/keys/crypto/Makefile | 1 +
|
||||||
security/keys/crypto/pgp_preload.c | 96 ++++++++++++++++++++++++++++++++
|
security/keys/crypto/pgp_preload.c | 96 ++++++++++++++++++++++++++++++++++
|
||||||
5 files changed, 129 insertions(+)
|
5 files changed, 129 insertions(+)
|
||||||
create mode 100644 security/keys/crypto/pgp_preload.c
|
create mode 100644 security/keys/crypto/pgp_preload.c
|
||||||
|
|
||||||
@ -4270,12 +4276,12 @@ index 0000000..9028788
|
|||||||
+ return pgp_parse_packets(pgpdata, pgpdatalen, &ctx.pgp);
|
+ return pgp_parse_packets(pgpdata, pgpdatalen, &ctx.pgp);
|
||||||
+}
|
+}
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 13b8bd0afb58d1000c74741f176862efb6d1bcc9 Mon Sep 17 00:00:00 2001
|
From d0e5635f09c91ca12fa5a508c2ba5197372d7487 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:25:41 +0100
|
Date: Tue, 24 Jul 2012 14:13:56 +0100
|
||||||
Subject: [PATCH 15/27] Make most arch asm/module.h files use
|
Subject: [PATCH 15/27] Make most arch asm/module.h files use
|
||||||
asm-generic/module.h
|
asm-generic/module.h
|
||||||
|
|
||||||
@ -4315,9 +4321,9 @@ unsupported type of relocation record as that's now handled centrally.
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
arch/Kconfig | 19 +++++++++++++++++
|
arch/Kconfig | 19 ++++++++++++++++++
|
||||||
arch/alpha/Kconfig | 2 ++
|
arch/alpha/Kconfig | 2 ++
|
||||||
arch/alpha/include/asm/module.h | 10 ++-------
|
arch/alpha/include/asm/module.h | 10 ++--------
|
||||||
arch/arm/Kconfig | 2 ++
|
arch/arm/Kconfig | 2 ++
|
||||||
arch/arm/include/asm/module.h | 8 ++------
|
arch/arm/include/asm/module.h | 8 ++------
|
||||||
arch/avr32/Kconfig | 2 ++
|
arch/avr32/Kconfig | 2 ++
|
||||||
@ -4325,26 +4331,26 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
arch/blackfin/Kconfig | 2 ++
|
arch/blackfin/Kconfig | 2 ++
|
||||||
arch/blackfin/include/asm/module.h | 4 +---
|
arch/blackfin/include/asm/module.h | 4 +---
|
||||||
arch/c6x/Kconfig | 1 +
|
arch/c6x/Kconfig | 1 +
|
||||||
arch/c6x/include/asm/module.h | 12 +----------
|
arch/c6x/include/asm/module.h | 12 +-----------
|
||||||
arch/cris/Kconfig | 1 +
|
arch/cris/Kconfig | 1 +
|
||||||
arch/cris/include/asm/Kbuild | 2 ++
|
arch/cris/include/asm/Kbuild | 2 ++
|
||||||
arch/cris/include/asm/module.h | 9 --------
|
arch/cris/include/asm/module.h | 9 ---------
|
||||||
arch/frv/include/asm/module.h | 8 +-------
|
arch/frv/include/asm/module.h | 8 +-------
|
||||||
arch/h8300/Kconfig | 1 +
|
arch/h8300/Kconfig | 1 +
|
||||||
arch/h8300/include/asm/Kbuild | 2 ++
|
arch/h8300/include/asm/Kbuild | 2 ++
|
||||||
arch/h8300/include/asm/module.h | 11 ----------
|
arch/h8300/include/asm/module.h | 11 -----------
|
||||||
arch/hexagon/Kconfig | 1 +
|
arch/hexagon/Kconfig | 1 +
|
||||||
arch/ia64/Kconfig | 2 ++
|
arch/ia64/Kconfig | 2 ++
|
||||||
arch/ia64/include/asm/module.h | 6 ++----
|
arch/ia64/include/asm/module.h | 6 ++----
|
||||||
arch/m32r/Kconfig | 1 +
|
arch/m32r/Kconfig | 1 +
|
||||||
arch/m32r/include/asm/Kbuild | 2 ++
|
arch/m32r/include/asm/Kbuild | 2 ++
|
||||||
arch/m32r/include/asm/module.h | 10 ---------
|
arch/m32r/include/asm/module.h | 10 ----------
|
||||||
arch/m32r/kernel/module.c | 15 --------------
|
arch/m32r/kernel/module.c | 15 --------------
|
||||||
arch/m68k/Kconfig | 3 +++
|
arch/m68k/Kconfig | 3 +++
|
||||||
arch/m68k/include/asm/module.h | 6 ++----
|
arch/m68k/include/asm/module.h | 6 ++----
|
||||||
arch/microblaze/Kconfig | 1 +
|
arch/microblaze/Kconfig | 1 +
|
||||||
arch/mips/Kconfig | 3 +++
|
arch/mips/Kconfig | 3 +++
|
||||||
arch/mips/include/asm/module.h | 10 +++++++--
|
arch/mips/include/asm/module.h | 10 ++++++++--
|
||||||
arch/mips/kernel/module.c | 2 ++
|
arch/mips/kernel/module.c | 2 ++
|
||||||
arch/mn10300/Kconfig | 1 +
|
arch/mn10300/Kconfig | 1 +
|
||||||
arch/mn10300/include/asm/module.h | 7 +------
|
arch/mn10300/include/asm/module.h | 7 +------
|
||||||
@ -4354,23 +4360,23 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
arch/powerpc/Kconfig | 2 ++
|
arch/powerpc/Kconfig | 2 ++
|
||||||
arch/powerpc/include/asm/module.h | 7 +------
|
arch/powerpc/include/asm/module.h | 7 +------
|
||||||
arch/s390/Kconfig | 2 ++
|
arch/s390/Kconfig | 2 ++
|
||||||
arch/s390/include/asm/module.h | 18 +++-------------
|
arch/s390/include/asm/module.h | 18 +++--------------
|
||||||
arch/score/Kconfig | 2 ++
|
arch/score/Kconfig | 2 ++
|
||||||
arch/score/include/asm/module.h | 6 +-----
|
arch/score/include/asm/module.h | 6 +-----
|
||||||
arch/score/kernel/module.c | 10 ---------
|
arch/score/kernel/module.c | 10 ----------
|
||||||
arch/sh/Kconfig | 2 ++
|
arch/sh/Kconfig | 2 ++
|
||||||
arch/sh/include/asm/module.h | 14 +++----------
|
arch/sh/include/asm/module.h | 14 +++----------
|
||||||
arch/sparc/Kconfig | 1 +
|
arch/sparc/Kconfig | 1 +
|
||||||
arch/sparc/include/asm/Kbuild | 1 +
|
arch/sparc/include/asm/Kbuild | 1 +
|
||||||
arch/sparc/include/asm/module.h | 24 ----------------------
|
arch/sparc/include/asm/module.h | 24 -----------------------
|
||||||
arch/tile/Kconfig | 1 +
|
arch/tile/Kconfig | 1 +
|
||||||
arch/unicore32/Kconfig | 1 +
|
arch/unicore32/Kconfig | 1 +
|
||||||
arch/x86/Kconfig | 2 ++
|
arch/x86/Kconfig | 2 ++
|
||||||
arch/xtensa/Kconfig | 1 +
|
arch/xtensa/Kconfig | 1 +
|
||||||
arch/xtensa/include/asm/module.h | 9 +-------
|
arch/xtensa/include/asm/module.h | 9 +--------
|
||||||
include/asm-generic/module.h | 40 +++++++++++++++++++++++++++++-------
|
include/asm-generic/module.h | 40 +++++++++++++++++++++++++++++++-------
|
||||||
include/linux/moduleloader.h | 36 ++++++++++++++++++++++++++++----
|
include/linux/moduleloader.h | 36 ++++++++++++++++++++++++++++++----
|
||||||
kernel/module.c | 20 ------------------
|
kernel/module.c | 20 -------------------
|
||||||
56 files changed, 167 insertions(+), 223 deletions(-)
|
56 files changed, 167 insertions(+), 223 deletions(-)
|
||||||
delete mode 100644 arch/cris/include/asm/module.h
|
delete mode 100644 arch/cris/include/asm/module.h
|
||||||
delete mode 100644 arch/h8300/include/asm/module.h
|
delete mode 100644 arch/h8300/include/asm/module.h
|
||||||
@ -4445,7 +4451,7 @@ index 7b63743..9cd13b5 100644
|
|||||||
|
|
||||||
#ifdef MODULE
|
#ifdef MODULE
|
||||||
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
|
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
|
||||||
index a91009c..af8bf36 100644
|
index c7e6d20..5fc742e 100644
|
||||||
--- a/arch/arm/Kconfig
|
--- a/arch/arm/Kconfig
|
||||||
+++ b/arch/arm/Kconfig
|
+++ b/arch/arm/Kconfig
|
||||||
@@ -45,6 +45,8 @@ config ARM
|
@@ -45,6 +45,8 @@ config ARM
|
||||||
@ -4837,7 +4843,7 @@ index 0bf4423..ee395d3 100644
|
|||||||
config SWAP
|
config SWAP
|
||||||
def_bool n
|
def_bool n
|
||||||
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
|
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
|
||||||
index 09ab87e..2901b41 100644
|
index b3e10fd..5972ebd 100644
|
||||||
--- a/arch/mips/Kconfig
|
--- a/arch/mips/Kconfig
|
||||||
+++ b/arch/mips/Kconfig
|
+++ b/arch/mips/Kconfig
|
||||||
@@ -34,6 +34,9 @@ config MIPS
|
@@ -34,6 +34,9 @@ config MIPS
|
||||||
@ -4991,7 +4997,7 @@ index 1f41234..bab37e9 100644
|
|||||||
struct unwind_table;
|
struct unwind_table;
|
||||||
|
|
||||||
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
|
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
|
||||||
index 050cb37..17d3267 100644
|
index 9a5d3cd..5a91b5b 100644
|
||||||
--- a/arch/powerpc/Kconfig
|
--- a/arch/powerpc/Kconfig
|
||||||
+++ b/arch/powerpc/Kconfig
|
+++ b/arch/powerpc/Kconfig
|
||||||
@@ -137,6 +137,8 @@ config PPC
|
@@ -137,6 +137,8 @@ config PPC
|
||||||
@ -5137,7 +5143,7 @@ index 469e3b6..1378d99 100644
|
|||||||
const struct exception_table_entry *search_module_dbetables(unsigned long addr)
|
const struct exception_table_entry *search_module_dbetables(unsigned long addr)
|
||||||
{
|
{
|
||||||
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
|
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
|
||||||
index 31d9db7..22c02bb 100644
|
index a24595d..365ecf5 100644
|
||||||
--- a/arch/sh/Kconfig
|
--- a/arch/sh/Kconfig
|
||||||
+++ b/arch/sh/Kconfig
|
+++ b/arch/sh/Kconfig
|
||||||
@@ -34,6 +34,8 @@ config SUPERH
|
@@ -34,6 +34,8 @@ config SUPERH
|
||||||
@ -5231,10 +5237,10 @@ index ff8e02d..0000000
|
|||||||
-
|
-
|
||||||
-#endif /* __SPARC_MODULE_H */
|
-#endif /* __SPARC_MODULE_H */
|
||||||
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
|
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
|
||||||
index fe12881..2d8bc27 100644
|
index 932e443..1603f30 100644
|
||||||
--- a/arch/tile/Kconfig
|
--- a/arch/tile/Kconfig
|
||||||
+++ b/arch/tile/Kconfig
|
+++ b/arch/tile/Kconfig
|
||||||
@@ -15,6 +15,7 @@ config TILE
|
@@ -17,6 +17,7 @@ config TILE
|
||||||
select SYS_HYPERVISOR
|
select SYS_HYPERVISOR
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
||||||
select GENERIC_CLOCKEVENTS
|
select GENERIC_CLOCKEVENTS
|
||||||
@ -5357,7 +5363,7 @@ index ed5b44d..14dc41d 100644
|
|||||||
|
|
||||||
#endif /* __ASM_GENERIC_MODULE_H */
|
#endif /* __ASM_GENERIC_MODULE_H */
|
||||||
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
|
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
|
||||||
index b2be02e..b85dda8 100644
|
index b2be02e..560ca53 100644
|
||||||
--- a/include/linux/moduleloader.h
|
--- a/include/linux/moduleloader.h
|
||||||
+++ b/include/linux/moduleloader.h
|
+++ b/include/linux/moduleloader.h
|
||||||
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size);
|
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size);
|
||||||
@ -5383,7 +5389,7 @@ index b2be02e..b85dda8 100644
|
|||||||
+ unsigned int relsec,
|
+ unsigned int relsec,
|
||||||
+ struct module *me)
|
+ struct module *me)
|
||||||
+{
|
+{
|
||||||
+ pr_err("module %s: REL relocation unsupported\n", me->name);
|
+ printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
|
||||||
+ return -ENOEXEC;
|
+ return -ENOEXEC;
|
||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
@ -5407,7 +5413,7 @@ index b2be02e..b85dda8 100644
|
|||||||
+ unsigned int relsec,
|
+ unsigned int relsec,
|
||||||
+ struct module *me)
|
+ struct module *me)
|
||||||
+{
|
+{
|
||||||
+ pr_err("module %s: RELA relocation unsupported\n", me->name);
|
+ printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
|
||||||
+ return -ENOEXEC;
|
+ return -ENOEXEC;
|
||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
@ -5446,12 +5452,12 @@ index 4edbd9c..087aeed 100644
|
|||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 69bdeeb86f28489efa7d5f414867bd07b9516c10 Mon Sep 17 00:00:00 2001
|
From 3ad621a6fe31c4b1e73675facc39b2b34eaba3a3 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:26:33 +0100
|
Date: Tue, 24 Jul 2012 14:13:57 +0100
|
||||||
Subject: [PATCH 16/27] Provide macros for forming the name of an ELF note and
|
Subject: [PATCH 16/27] Provide macros for forming the name of an ELF note and
|
||||||
its section
|
its section
|
||||||
|
|
||||||
@ -5486,12 +5492,12 @@ index 278e3ef..949d494 100644
|
|||||||
|
|
||||||
#endif /* _LINUX_ELFNOTE_H */
|
#endif /* _LINUX_ELFNOTE_H */
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 5191f0bcbe03426b90b0a53c9ea960fafba7c269 Mon Sep 17 00:00:00 2001
|
From ebd84cbe7656bb091c8101af3d302ea7c14e7ecf Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:27:05 +0100
|
Date: Tue, 24 Jul 2012 14:14:00 +0100
|
||||||
Subject: [PATCH 17/27] MODSIGN: Provide gitignore and make clean rules for
|
Subject: [PATCH 17/27] MODSIGN: Provide gitignore and make clean rules for
|
||||||
extra files
|
extra files
|
||||||
|
|
||||||
@ -5535,7 +5541,7 @@ index 57af07c..7948eeb 100644
|
|||||||
+random_seed
|
+random_seed
|
||||||
+trustdb.gpg
|
+trustdb.gpg
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index aa8e315..4a4a11f 100644
|
index 4bb09e1..5afb466 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -1239,6 +1239,7 @@ clean: $(clean-dirs)
|
@@ -1239,6 +1239,7 @@ clean: $(clean-dirs)
|
||||||
@ -5557,12 +5563,12 @@ index e9b7abe..223dfd6 100644
|
|||||||
+mod-extract
|
+mod-extract
|
||||||
|
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From bf067003ae6304d90c278118b5d65d905be16e53 Mon Sep 17 00:00:00 2001
|
From 5071caadfaf48a29826bb0fb934bf8046878ca00 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:27:16 +0100
|
Date: Tue, 24 Jul 2012 14:14:01 +0100
|
||||||
Subject: [PATCH 18/27] MODSIGN: Provide Documentation and Kconfig options
|
Subject: [PATCH 18/27] MODSIGN: Provide Documentation and Kconfig options
|
||||||
|
|
||||||
Provide documentation and kernel configuration options for module signing.
|
Provide documentation and kernel configuration options for module signing.
|
||||||
@ -5596,7 +5602,7 @@ The following configuration options are added:
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
Documentation/module-signing.txt | 194 ++++++++++++++++++++++++++++++++++++++
|
Documentation/module-signing.txt | 194 +++++++++++++++++++++++++++++++++++++++
|
||||||
include/linux/modsign.h | 27 ++++++
|
include/linux/modsign.h | 27 ++++++
|
||||||
init/Kconfig | 54 +++++++++++
|
init/Kconfig | 54 +++++++++++
|
||||||
3 files changed, 275 insertions(+)
|
3 files changed, 275 insertions(+)
|
||||||
@ -5902,12 +5908,12 @@ index d07dcf9..1d1a056 100644
|
|||||||
|
|
||||||
config INIT_ALL_POSSIBLE
|
config INIT_ALL_POSSIBLE
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 19c2fd74747b84e445b0a4eb7f7308a238267aec Mon Sep 17 00:00:00 2001
|
From 506ebdd9cc53b7e1fe5c1a1351bf1e42cce4c856 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:27:38 +0100
|
Date: Tue, 24 Jul 2012 14:14:01 +0100
|
||||||
Subject: [PATCH 19/27] MODSIGN: Sign modules during the build process
|
Subject: [PATCH 19/27] MODSIGN: Sign modules during the build process
|
||||||
|
|
||||||
If CONFIG_MODULE_SIG is set, then this patch will cause the module to get a
|
If CONFIG_MODULE_SIG is set, then this patch will cause the module to get a
|
||||||
@ -5949,7 +5955,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
---
|
---
|
||||||
scripts/Makefile.modpost | 87 ++++-
|
scripts/Makefile.modpost | 87 ++++-
|
||||||
scripts/mod/Makefile | 2 +-
|
scripts/mod/Makefile | 2 +-
|
||||||
scripts/mod/mod-extract.c | 913 +++++++++++++++++++++++++++++++++++++++++++
|
scripts/mod/mod-extract.c | 913 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
scripts/mod/modsign-note.sh | 16 +
|
scripts/mod/modsign-note.sh | 16 +
|
||||||
4 files changed, 1016 insertions(+), 2 deletions(-)
|
4 files changed, 1016 insertions(+), 2 deletions(-)
|
||||||
create mode 100644 scripts/mod/mod-extract.c
|
create mode 100644 scripts/mod/mod-extract.c
|
||||||
@ -7027,12 +7033,12 @@ index 0000000..bca67c0
|
|||||||
+
|
+
|
||||||
+exit 0
|
+exit 0
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 05f68f1852611dd7f2f7d28c677b1205b66d4337 Mon Sep 17 00:00:00 2001
|
From c075a55ef7dd94b37406e09c542f69994e73424c Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:27:49 +0100
|
Date: Tue, 24 Jul 2012 14:14:01 +0100
|
||||||
Subject: [PATCH 20/27] MODSIGN: Module signature verification stub
|
Subject: [PATCH 20/27] MODSIGN: Module signature verification stub
|
||||||
|
|
||||||
Create a stub for the module signature verifier and link it into module.c so
|
Create a stub for the module signature verifier and link it into module.c so
|
||||||
@ -7065,10 +7071,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
---
|
---
|
||||||
include/linux/module.h | 3 ++
|
include/linux/module.h | 3 ++
|
||||||
kernel/Makefile | 1 +
|
kernel/Makefile | 1 +
|
||||||
kernel/module-verify-defs.h | 77 ++++++++++++++++++++++++++++++
|
kernel/module-verify-defs.h | 77 +++++++++++++++++++++++++++++++
|
||||||
kernel/module-verify.c | 110 +++++++++++++++++++++++++++++++++++++++++++
|
kernel/module-verify.c | 110 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
kernel/module-verify.h | 20 ++++++++
|
kernel/module-verify.h | 20 ++++++++
|
||||||
kernel/module.c | 26 ++++++++--
|
kernel/module.c | 26 +++++++++--
|
||||||
6 files changed, 232 insertions(+), 5 deletions(-)
|
6 files changed, 232 insertions(+), 5 deletions(-)
|
||||||
create mode 100644 kernel/module-verify-defs.h
|
create mode 100644 kernel/module-verify-defs.h
|
||||||
create mode 100644 kernel/module-verify.c
|
create mode 100644 kernel/module-verify.c
|
||||||
@ -7415,12 +7421,12 @@ index 087aeed..a59a9da 100644
|
|||||||
if (last_unloaded_module[0])
|
if (last_unloaded_module[0])
|
||||||
printk(" [last unloaded: %s]", last_unloaded_module);
|
printk(" [last unloaded: %s]", last_unloaded_module);
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From a8622506bccd42aecd271d2735f6734e539125ac Mon Sep 17 00:00:00 2001
|
From 632507c5c70caad4ac7000d573b60236e405247b Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:28:33 +0100
|
Date: Tue, 24 Jul 2012 14:14:02 +0100
|
||||||
Subject: [PATCH 21/27] MODSIGN: Automatically generate module signing keys if
|
Subject: [PATCH 21/27] MODSIGN: Automatically generate module signing keys if
|
||||||
missing
|
missing
|
||||||
|
|
||||||
@ -7497,12 +7503,12 @@ index cec222a..28cd248 100644
|
|||||||
+endif
|
+endif
|
||||||
+CLEAN_FILES += modsign.pub modsign.sec genkey random_seed
|
+CLEAN_FILES += modsign.pub modsign.sec genkey random_seed
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 2bde4c453e0b5ec52fe95c3fb800af86fdc38546 Mon Sep 17 00:00:00 2001
|
From bbbe230903a8c8f1d3aa7d2cc7f850930ff1539f Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:28:41 +0100
|
Date: Tue, 24 Jul 2012 14:14:02 +0100
|
||||||
Subject: [PATCH 22/27] MODSIGN: Provide module signing public keys to the
|
Subject: [PATCH 22/27] MODSIGN: Provide module signing public keys to the
|
||||||
kernel
|
kernel
|
||||||
|
|
||||||
@ -7524,7 +7530,7 @@ their removal and preventing further modules from being loaded with that key.
|
|||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
kernel/Makefile | 25 ++++++++-------
|
kernel/Makefile | 25 ++++++++-------
|
||||||
kernel/modsign-pubkey.c | 75 +++++++++++++++++++++++++++++++++++++++++++
|
kernel/modsign-pubkey.c | 75 +++++++++++++++++++++++++++++++++++++++++++++
|
||||||
kernel/module-verify-defs.h | 4 +++
|
kernel/module-verify-defs.h | 4 +++
|
||||||
kernel/module-verify.c | 2 --
|
kernel/module-verify.c | 2 --
|
||||||
4 files changed, 93 insertions(+), 13 deletions(-)
|
4 files changed, 93 insertions(+), 13 deletions(-)
|
||||||
@ -7683,12 +7689,12 @@ index 4bf857e..05473e6 100644
|
|||||||
#include <linux/moduleparam.h>
|
#include <linux/moduleparam.h>
|
||||||
#include <keys/crypto-type.h>
|
#include <keys/crypto-type.h>
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 689ea2a8739a5d61b7c55cd9084dd3096585c6de Mon Sep 17 00:00:00 2001
|
From e4f50fd14864d574dfa77002da3bc51bbb0046bc Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:29:17 +0100
|
Date: Tue, 24 Jul 2012 14:14:02 +0100
|
||||||
Subject: [PATCH 23/27] MODSIGN: Check the ELF container
|
Subject: [PATCH 23/27] MODSIGN: Check the ELF container
|
||||||
|
|
||||||
Check the ELF container of the kernel module to prevent the kernel from
|
Check the ELF container of the kernel module to prevent the kernel from
|
||||||
@ -7767,7 +7773,7 @@ code, presumably because some local variables can be discarded.
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
kernel/module-verify.c | 230 ++++++++++++++++++++++++++++++++++++++++++++++++
|
kernel/module-verify.c | 230 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
1 file changed, 230 insertions(+)
|
1 file changed, 230 insertions(+)
|
||||||
|
|
||||||
diff --git a/kernel/module-verify.c b/kernel/module-verify.c
|
diff --git a/kernel/module-verify.c b/kernel/module-verify.c
|
||||||
@ -8019,12 +8025,12 @@ index 05473e6..2161d11 100644
|
|||||||
/* Deal with an unsigned module */
|
/* Deal with an unsigned module */
|
||||||
if (modsign_signedonly) {
|
if (modsign_signedonly) {
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 4e90f1f1f04b2efb070f15211e644a8a86a2142e Mon Sep 17 00:00:00 2001
|
From b9e2653685ab246ee774d4ea0d178f9d43b003f8 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:29:43 +0100
|
Date: Tue, 24 Jul 2012 14:14:02 +0100
|
||||||
Subject: [PATCH 24/27] MODSIGN: Produce a filtered and canonicalised section
|
Subject: [PATCH 24/27] MODSIGN: Produce a filtered and canonicalised section
|
||||||
list
|
list
|
||||||
|
|
||||||
@ -8040,7 +8046,7 @@ Canonicalisation is done by sorting the filtered list in order of section name.
|
|||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
kernel/module-verify.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
|
kernel/module-verify.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
1 file changed, 80 insertions(+)
|
1 file changed, 80 insertions(+)
|
||||||
|
|
||||||
diff --git a/kernel/module-verify.c b/kernel/module-verify.c
|
diff --git a/kernel/module-verify.c b/kernel/module-verify.c
|
||||||
@ -8143,12 +8149,12 @@ index 2161d11..646b104 100644
|
|||||||
out:
|
out:
|
||||||
switch (ret) {
|
switch (ret) {
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 5f48916c06318abb0821b41bc06f457248ed87eb Mon Sep 17 00:00:00 2001
|
From 425b80d71cb3d29ad9a5d1573b1ba62e8acc9846 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:30:02 +0100
|
Date: Tue, 24 Jul 2012 14:14:03 +0100
|
||||||
Subject: [PATCH 25/27] MODSIGN: Create digest of module content and check
|
Subject: [PATCH 25/27] MODSIGN: Create digest of module content and check
|
||||||
signature
|
signature
|
||||||
|
|
||||||
@ -8193,7 +8199,7 @@ somewhat smaller code.
|
|||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
---
|
---
|
||||||
kernel/module-verify-defs.h | 11 +-
|
kernel/module-verify-defs.h | 11 +-
|
||||||
kernel/module-verify.c | 332 ++++++++++++++++++++++++++++++++++++++++++-
|
kernel/module-verify.c | 332 +++++++++++++++++++++++++++++++++++++++++++-
|
||||||
2 files changed, 337 insertions(+), 6 deletions(-)
|
2 files changed, 337 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/kernel/module-verify-defs.h b/kernel/module-verify-defs.h
|
diff --git a/kernel/module-verify-defs.h b/kernel/module-verify-defs.h
|
||||||
@ -8580,12 +8586,12 @@ index 646b104..e275759 100644
|
|||||||
|
|
||||||
out:
|
out:
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 25841b75e473511f1dbe84cfb333ef2b748d2ec6 Mon Sep 17 00:00:00 2001
|
From 83b8771f504bdb2d75df57697445211ca312a08b Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:30:22 +0100
|
Date: Tue, 24 Jul 2012 14:14:03 +0100
|
||||||
Subject: [PATCH 26/27] MODSIGN: Suppress some redundant ELF checks
|
Subject: [PATCH 26/27] MODSIGN: Suppress some redundant ELF checks
|
||||||
|
|
||||||
Suppress some redundant ELF checks in module_verify_elf() that are also done
|
Suppress some redundant ELF checks in module_verify_elf() that are also done
|
||||||
@ -8617,12 +8623,12 @@ index e275759..bfd1286 100644
|
|||||||
/* Validate the section table contents */
|
/* Validate the section table contents */
|
||||||
mvdata->nsects = hdr->e_shnum;
|
mvdata->nsects = hdr->e_shnum;
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
||||||
|
|
||||||
From 3ac2defabc1996584fac06b76070138fe56753e6 Mon Sep 17 00:00:00 2001
|
From a7ec988440e9c8b0deaf769c79b4b3cfe45eb411 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 16:30:40 +0100
|
Date: Tue, 24 Jul 2012 14:14:03 +0100
|
||||||
Subject: [PATCH 27/27] MODSIGN: Panic the kernel if FIPS is enabled upon
|
Subject: [PATCH 27/27] MODSIGN: Panic the kernel if FIPS is enabled upon
|
||||||
module signing failure
|
module signing failure
|
||||||
|
|
||||||
@ -8660,5 +8666,5 @@ index bfd1286..b9c3955 100644
|
|||||||
case 0: /* Good signature */
|
case 0: /* Good signature */
|
||||||
*_gpgsig_ok = true;
|
*_gpgsig_ok = true;
|
||||||
--
|
--
|
||||||
1.7.10.4
|
1.7.11.2
|
||||||
|
|
1161
secure-boot-20120724.patch
Normal file
1161
secure-boot-20120724.patch
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user