From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, pmatouse@redhat.com,
arjan@linux.intel.com, apw@canonical.com, vlee@twopensource.com,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [GIT PULL] Miscellaneous keyrings and modsign fixes
Date: Fri, 25 Sep 2015 16:54:52 +0100 [thread overview]
Message-ID: <23015.1443196492@warthog.procyon.org.uk> (raw)
Hi James,
Can you pass these changes on to Linus? There are four:
(1) Fix a potential race between keyring destruction and keyring lookup by
name.
(2) Remove unneeded headers from extract-cert.c, at least one of which will
prevent it from compiling if the openssl libs are too old.
(3) Don't strip leading zeros from the key ID when using it to construct a
key description lest this make the key not match.
(4) Downgrade use of CMS-based signatures to PKCS#7-based signatures if the
openssl libs are too old. Note that in this case, you are also limited
to using SHA1 as the pre-1.0.0 openssl libs don't support anything else.
Thanks,
David
---
The following changes since commit ced255c0c5fb9ab52c9465982f23b1c14005ef8b:
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux (2015-09-24 20:14:26 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150925
for you to fetch changes up to 283e8ba2dfde54f8f27d7d0f459a07de79a39d55:
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old (2015-09-25 16:31:46 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
David Howells (4):
KEYS: Fix race between key destruction and finding a keyring by name
KEYS: Remove unnecessary header #inclusions from extract-cert.c
X.509: Don't strip leading 00's from key ID when constructing key description
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old
Documentation/Changes | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 4 --
scripts/extract-cert.c | 4 --
scripts/sign-file.c | 94 ++++++++++++++++++++++++++------
security/keys/gc.c | 8 +--
5 files changed, 82 insertions(+), 30 deletions(-)
next reply other threads:[~2015-09-25 15:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-25 15:54 David Howells [this message]
2015-09-29 9:17 ` [GIT PULL] Miscellaneous keyrings and modsign fixes James Morris
2015-09-29 9:17 ` James Morris
2016-02-11 8:11 ` Philipp Hahn
2016-02-11 11:41 ` David Howells
2016-02-11 13:35 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23015.1443196492@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=apw@canonical.com \
--cc=arjan@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pmatouse@redhat.com \
--cc=vlee@twopensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.