On Wed, 12 Apr 2017, David Howells wrote: > > Hi James, > > Could you pull these changes into security/next please: > > (1) Provide a blacklist keyring and a blacklist key type such that X.509 > keys and PKCS#7 certs can be blacklisted. It is possible to load the > blacklist from a file at compile time. A future patch will > additionally load the blacklist from the UEFI blacklist if available. > > (2) Make it possible to create a userspace keyring and to apply a > restriction to it such that no new keys can be added unless they meet > the criteria. > > (3) Add SP800-56A KDF support for the DH operation. >
Pulled, thanks. -- James Morris <[email protected]>
