diff options
| author |   Thiago Jung Bauermann <bauerman@linux.ibm.com> | 2019-06-27 23:19:26 -0300 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.ibm.com> | 2019-08-05 18:40:19 -0400 |
| commit | e201af16d1ec76ccd19b90484d767984ff451f18 (patch) | |
| tree | f2e532988d868a67e3ca59c96e93a5a3e50f013f /security/integrity | |
| parent | PKCS#7: Refactor verify_pkcs7_signature() (diff) | |
| download | linux-dev-e201af16d1ec76ccd19b90484d767984ff451f18.tar.xz linux-dev-e201af16d1ec76ccd19b90484d767984ff451f18.zip | |
PKCS#7: Introduce pkcs7_get_digest()
IMA will need to access the digest of the PKCS7 message (as calculated by
the kernel) before the signature is verified, so introduce
pkcs7_get_digest() for that purpose.
Also, modify pkcs7_digest() to detect when the digest was already
calculated so that it doesn't have to do redundant work. Verifying that
sinfo->sig->digest isn't NULL is sufficient because both places which
allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
use kzalloc() so sig->digest is always initialized to zero.
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions