apfs/linux-apfs
0
0
Fork 0
mirror of https://github.com/linux-apfs/linux-apfs.git synced 2026-05-01 15:00:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Browse Source 
Pull security subsystem updates from James Morris:
 "Highlights:

   - TPM core and driver updates/fixes
   - IPv6 security labeling (CALIPSO)
   - Lots of Apparmor fixes
   - Seccomp: remove 2-phase API, close hole where ptrace can change
     syscall #"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (156 commits)
  apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling
  tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family)
  tpm: Factor out common startup code
  tpm: use devm_add_action_or_reset
  tpm2_i2c_nuvoton: add irq validity check
  tpm: read burstcount from TPM_STS in one 32-bit transaction
  tpm: fix byte-order for the value read by tpm2_get_tpm_pt
  tpm_tis_core: convert max timeouts from msec to jiffies
  apparmor: fix arg_size computation for when setprocattr is null terminated
  apparmor: fix oops, validate buffer size in apparmor_setprocattr()
  apparmor: do not expose kernel stack
  apparmor: fix module parameters can be changed after policy is locked
  apparmor: fix oops in profile_unpack() when policy_db is not present
  apparmor: don't check for vmalloc_addr if kvzalloc() failed
  apparmor: add missing id bounds check on dfa verification
  apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
  apparmor: use list_next_entry instead of list_entry_next
  apparmor: fix refcount race when finding a child profile
  apparmor: fix ref count leak when profile sha1 hash is read
  apparmor: check that xindex is in trans_table bounds
  ...
This commit is contained in:
Linus Torvalds
2016-07-29 17:38:46 -07:00
parent a867d7349e 7616ac70d1
commit 7a1e8b80fb
126 changed files with 7294 additions and 2144 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/sign-file.c
+26 -8
View File
@@ -1,6 +1,6 @@
/* Sign a module file using the given key.
*
* Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
* Copyright © 2014-2016 Red Hat, Inc. All Rights Reserved.
* Copyright © 2015 Intel Corporation.
* Copyright © 2016 Hewlett Packard Enterprise Development LP
*
@@ -167,19 +167,37 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
static X509 *read_x509(const char *x509_name)
{
unsigned char buf[2];
X509 *x509;
BIO *b;
int n;
b = BIO_new_file(x509_name, "rb");
ERR(!b, "%s", x509_name);
x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */
if (!x509) {
ERR(BIO_reset(b) != 1, "%s", x509_name);
x509 = PEM_read_bio_X509(b, NULL, NULL,
NULL); /* PEM encoded X.509 */
if (x509)
drain_openssl_errors();
/* Look at the first two bytes of the file to determine the encoding */
n = BIO_read(b, buf, 2);
if (n != 2) {
if (BIO_should_retry(b)) {
fprintf(stderr, "%s: Read wanted retry\n", x509_name);
exit(1);
}
if (n >= 0) {
fprintf(stderr, "%s: Short read\n", x509_name);
exit(1);
}
ERR(1, "%s", x509_name);
}
ERR(BIO_reset(b) != 0, "%s", x509_name);
if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
/* Assume raw DER encoded X.509 */
x509 = d2i_X509_bio(b, NULL);
else
/* Assume PEM encoded X.509 */
x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
BIO_free(b);
ERR(!x509, "%s", x509_name);