On Wed, Sep 16, 2015 at 3:45 PM, David Howells <dhowe...@redhat.com> wrote: > David Howells <dhowe...@redhat.com> wrote: > >> Hmmm... Tricky. I'll have to think about it. I'm using PKCS7_NOCERTS with >> PKCS7_sign_add_signer() (or the CMS equivalents) to leave the cert list out >> of >> the message - but it's then necessary to manually specify the signers - at >> least so I recall. > > It's worse than that. The PKCS7_sign() function in pre-1.0.0 OpenSSL crypto > libs will only do SHA1. > > Now, it will work, and SHA1 might be just about acceptable for something based > on that old an OpenSSL library. > > With this in mind, does the attached additional patch (on top of the one I > gave you yesterday) work for you? You need to set CONFIG_MODULE_SIG_SHA1=y in > your config. >
I'm now getting this build warning and error after applying the additional patch on top of the previous patch. HOSTCC scripts/sign-file scripts/sign-file.c: In function ‘main’: scripts/sign-file.c:289:3: warning: implicit declaration of function ‘i2d_PKCS7_bio_stream’ [-Wimplicit-function-declaration] ERR(i2d_PKCS7_bio_stream(b, pkcs7, NULL, 0) < 0, ^ sign-file.c:(.text.startup+0x3e7): undefined reference to `i2d_PKCS7_bio_stream' scripts/sign-file.c 285 #ifndef USE_PKCS7 286 ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, 287 "%s", sig_file_name); 288 #else 289 ERR(i2d_PKCS7_bio_stream(b, pkcs7, NULL, 0) < 0, 290 "%s", sig_file_name); 291 #endif Vinson -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
