summaryrefslogtreecommitdiff
path: root/scripts/extract-cert.c
AgeCommit message (Collapse)AuthorFilesLines
2022-11-25cert host tools: Stop complaining about deprecated OpenSSL functionsLinus Torvalds1-0/+7
commit 6bfb56e93bcef41859c2d5ab234ffd80b691be35 upstream. OpenSSL 3.0 deprecated the OpenSSL's ENGINE API. That is as may be, but the kernel build host tools still use it. Disable the warning about deprecated declarations until somebody who cares fixes it. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-25KEYS: Remove unnecessary header #inclusions from extract-cert.cDavid Howells1-4/+0
Remove headers #included unnecessarily from extract-cert.c lest they cause compilation of the tool to fail against an older OpenSSL library. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: David Woodhouse <David.Woodhouse@intel.com>
2015-09-15modsign: Fix GPL/OpenSSL licence incompatibilityDavid Woodhouse1-5/+5
The GPL does not permit us to link against the OpenSSL library. Use LGPL for sign-file and extract-file instead. [ The whole "openssl isn't compatible with gpl" is really just fear-mongering, but there's no reason not to make modsign LGPL, so nobody cares. - Linus ] Reported-by: Julian Andres Klode <jak@jak-linux.org> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Julian Andres Klode <jak@jak-linux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-09-12MODSIGN: fix a compilation warning in extract-certDavid Howells1-1/+1
Fix the following warning when compiling extract-cert: scripts/extract-cert.c: In function `write_cert': scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security] ERR(!i2d_X509_bio(wb, x509), cert_dst); ^ whereby the ERR() macro is taking cert_dst as the format string. "%s" should be used as the format string as the path could contain special characters. Signed-off-by: David Howells <dhowells@redhat.com> Reported-by: Jim Davis <jim.epost@gmail.com> Acked-by : David Woodhouse <david.woodhouse@intel.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-08-12extract-cert: Cope with multiple X.509 certificates in a single fileDavid Woodhouse1-12/+46
This is not required for the module signing key, although it doesn't do any harm — it just means that any additional certs in the PEM file are also trusted by the kernel. But it does allow us to use the extract-cert tool for processing the extra certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64 hack. Also cope with being invoked with no input file, creating an empty output file as a result. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
2015-08-07modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if neededDavid Woodhouse1-0/+132
Where an external PEM file or PKCS#11 URI is given, we can get the cert from it for ourselves instead of making the user drop signing_key.x509 in place for us. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
generated by cgit v1.2.3 (git 2.39.0) at 2024-10-17 20:20:41 +0300