25 Sep, 2015
1 commit
-
Remove headers #included unnecessarily from extract-cert.c lest they cause
compilation of the tool to fail against an older OpenSSL library.

Signed-off-by: David Howells
Acked-by: David Woodhouse
16 Sep, 2015
1 commit
-
The GPL does not permit us to link against the OpenSSL library. Use
LGPL for sign-file and extract-file instead.

[ The whole "openssl isn't compatible with gpl" is really just
fear-mongering, but there's no reason not to make modsign LGPL, so
nobody cares. - Linus ]

Reported-by: Julian Andres Klode
Signed-off-by: David Woodhouse
Signed-off-by: David Howells
Reviewed-by: Julian Andres Klode
Signed-off-by: Linus Torvalds
12 Sep, 2015
1 commit
-
Fix the following warning when compiling extract-cert:

scripts/extract-cert.c: In function `write_cert':
scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security]
ERR(!i2d_X509_bio(wb, x509), cert_dst);
^

whereby the ERR() macro is taking cert_dst as the format string. "%s"
should be used as the format string as the path could contain special
characters.

Signed-off-by: David Howells
Reported-by: Jim Davis
Acked-by: David Woodhouse
Cc: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
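
The -Wformat-security warning fixed by the commit above, shown as an added example that is not part of the commit or of extract-cert.c. The report() helper, the two wrappers and the sample path are hypothetical stand-ins for a printf-style error macro such as ERR() and for cert_dst.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error reporter such as ERR():
 * formats into buf instead of printing, so the result can be inspected. */
static int report(char *buf, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(buf, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Before: the path is the format string, so any '%' in it is parsed
 * as a conversion specification. */
static void report_path_unsafe(char *buf, size_t len, const char *path)
{
	report(buf, len, path);
}

/* After: constant "%s" format; the path is only ever treated as data. */
static void report_path_safe(char *buf, size_t len, const char *path)
{
	report(buf, len, "%s", path);
}

/* Returns 1 if the reported text matches the path byte for byte. */
static int reported_verbatim(void (*fn)(char *, size_t, const char *),
			     const char *path)
{
	char buf[256];
	fn(buf, sizeof(buf), path);
	return strcmp(buf, path) == 0;
}

int main(void)
{
	/* Constructed sample path. "%%" is the one conversion that consumes
	 * no argument, so the unsafe call stays well defined here; any other
	 * conversion would read an argument that was never passed. */
	const char *path = "certs/100%%-trusted.x509";
	printf("unsafe verbatim: %d\n", reported_verbatim(report_path_unsafe, path));
	printf("safe verbatim:   %d\n", reported_verbatim(report_path_safe, path));
	return 0;
}
```
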
13 Aug, 2015
1 commit
-
This is not required for the module signing key, although it doesn't do any
harm — it just means that any additional certs in the PEM file are also
trusted by the kernel.

But it does allow us to use the extract-cert tool for processing the extra
certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64
hack.

Also cope with being invoked with no input file, creating an empty output
file as a result.

Signed-off-by: David Woodhouse
Signed-off-by: David Howells
07 Aug, 2015
1 commit
-
Where an external PEM file or PKCS#11 URI is given, we can get the cert
from it for ourselves instead of making the user drop signing_key.x509
in place for us.

Signed-off-by: David Woodhouse
Signed-off-by: David Howells