From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, pmatouse@redhat.com,
arjan@linux.intel.com, apw@canonical.com, vlee@twopensource.com,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [GIT PULL] Miscellaneous keyrings and modsign fixes
Date: Fri, 25 Sep 2015 16:54:52 +0100 [thread overview]
Message-ID: <23015.1443196492@warthog.procyon.org.uk> (raw)
Hi James,
Can you pass these changes on to Linus? There are four:
(1) Fix a potential race between keyring destruction and keyring lookup by
name.
(2) Remove unneeded headers from extract-cert.c, at least one of which will
prevent it from compiling if the openssl libs are too old.
(3) Don't strip leading zeros from the key ID when using it to construct a
key description lest this make the key not match.
(4) Downgrade use of CMS-based signatures to PKCS#7-based signatures if the
openssl libs are too old. Note that in this case, you are also limited
to using SHA1 as the pre-1.0.0 openssl libs don't support anything else.
Thanks,
David
---
The following changes since commit ced255c0c5fb9ab52c9465982f23b1c14005ef8b:
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux (2015-09-24 20:14:26 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150925
for you to fetch changes up to 283e8ba2dfde54f8f27d7d0f459a07de79a39d55:
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old (2015-09-25 16:31:46 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
David Howells (4):
KEYS: Fix race between key destruction and finding a keyring by name
KEYS: Remove unnecessary header #inclusions from extract-cert.c
X.509: Don't strip leading 00's from key ID when constructing key description
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old
Documentation/Changes | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 4 --
scripts/extract-cert.c | 4 --
scripts/sign-file.c | 94 ++++++++++++++++++++++++++------
security/keys/gc.c | 8 +--
5 files changed, 82 insertions(+), 30 deletions(-)
next reply other threads:[~2015-09-25 15:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-25 15:54 David Howells [this message]
2015-09-29 9:17 ` [GIT PULL] Miscellaneous keyrings and modsign fixes James Morris
2015-09-29 9:17 ` James Morris
2016-02-11 8:11 ` Philipp Hahn
2016-02-11 11:41 ` David Howells
2016-02-11 13:35 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23015.1443196492@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=apw@canonical.com \
--cc=arjan@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pmatouse@redhat.com \
--cc=vlee@twopensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox