• Linus Torvalds's avatar
    Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 32627645
    Linus Torvalds authored
    Pull key subsystem fixes from James Morris:
     "Here are a bunch of fixes for Linux keyrings, including:
    
       - Fix up the refcount handling now that key structs use the
         refcount_t type and the refcount_t ops don't allow a 0->1
         transition.
    
       - Fix a potential NULL deref after error in x509_cert_parse().
    
       - Don't put data for the crypto algorithms to use on the stack.
    
       - Fix the handling of a null payload being passed to add_key().
    
       - Fix incorrect cleanup an uninitialised key_preparsed_payload in
         key_update().
    
       - Explicit sanitisation of potentially secure data before freeing.
    
       - Fixes for the Diffie-Helman code"
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
      KEYS: fix refcount_inc() on zero
      KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API
      crypto : asymmetric_keys : verify_pefile:zero memory content before freeing
      KEYS: DH: add __user annotations to keyctl_kdf_params
      KEYS: DH: ensure the KDF counter is properly aligned
      KEYS: DH: don't feed uninitialized "otherinfo" into KDF
      KEYS: DH: forbid using digest_null as the KDF hash
      KEYS: sanitize key structs before freeing
      KEYS: trusted: sanitize all key material
      KEYS: encrypted: sanitize all key material
      KEYS: user_defined: sanitize key payloads
      KEYS: sanitize add_key() and keyctl() key payloads
      KEYS: fix freeing uninitialized memory in key_update()
      KEYS: fix dereferencing NULL payload with nonzero length
      KEYS: encrypted: use constant-time HMAC comparison
      KEYS: encrypted: fix race causing incorrect HMAC calculations
      KEYS: encrypted: fix buffer overread in valid_master_desc()
      KEYS: encrypted: avoid encrypting/decrypting stack buffers
      KEYS: put keyring if install_session_keyring_to_cred() fails
      KEYS: Delete an error message for a failed memory allocation in get_derived_key()
      ...
    32627645
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...