From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932426AbbIYPzB (ORCPT ); Fri, 25 Sep 2015 11:55:01 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37380 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756518AbbIYPy6 convert rfc822-to-8bit (ORCPT ); Fri, 25 Sep 2015 11:54:58 -0400 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells To: jmorris@namei.org cc: dhowells@redhat.com, dwmw2@infradead.org, pmatouse@redhat.com, arjan@linux.intel.com, apw@canonical.com, vlee@twopensource.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [GIT PULL] Miscellaneous keyrings and modsign fixes MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <23014.1443196492.1@warthog.procyon.org.uk> Content-Transfer-Encoding: 8BIT Date: Fri, 25 Sep 2015 16:54:52 +0100 Message-ID: <23015.1443196492@warthog.procyon.org.uk> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi James, Can you pass these changes on to Linus? There are four: (1) Fix a potential race between keyring destruction and keyring lookup by name. (2) Remove unneeded headers from extract-cert.c, at least one of which will prevent it from compiling if the openssl libs are too old. (3) Don't strip leading zeros from the key ID when using it to construct a key description lest this make the key not match. (4) Downgrade use of CMS-based signatures to PKCS#7-based signatures if the openssl libs are too old. Note that in this case, you are also limited to using SHA1 as the pre-1.0.0 openssl libs don't support anything else. Thanks, David --- The following changes since commit ced255c0c5fb9ab52c9465982f23b1c14005ef8b: Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux (2015-09-24 20:14:26 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150925 for you to fetch changes up to 283e8ba2dfde54f8f27d7d0f459a07de79a39d55: MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old (2015-09-25 16:31:46 +0100) ---------------------------------------------------------------- Keyrings fixes ---------------------------------------------------------------- David Howells (4): KEYS: Fix race between key destruction and finding a keyring by name KEYS: Remove unnecessary header #inclusions from extract-cert.c X.509: Don't strip leading 00's from key ID when constructing key description MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old Documentation/Changes | 2 +- crypto/asymmetric_keys/x509_public_key.c | 4 -- scripts/extract-cert.c | 4 -- scripts/sign-file.c | 94 ++++++++++++++++++++++++++------ security/keys/gc.c | 8 +-- 5 files changed, 82 insertions(+), 30 deletions(-)