diff options
author | Thiago Jung Bauermann <bauerman@linux.ibm.com> | 2019-06-27 23:19:26 -0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2019-08-05 18:40:19 -0400 |
commit | e201af16d1ec76ccd19b90484d767984ff451f18 (patch) | |
tree | f2e532988d868a67e3ca59c96e93a5a3e50f013f /security | |
parent | 2a7bf671186eb5d1a47ef192aefbdf788f5b38fe (diff) | |
download | linux-e201af16d1ec76ccd19b90484d767984ff451f18.tar.gz linux-e201af16d1ec76ccd19b90484d767984ff451f18.tar.bz2 linux-e201af16d1ec76ccd19b90484d767984ff451f18.zip |
PKCS#7: Introduce pkcs7_get_digest()
IMA will need to access the digest of the PKCS7 message (as calculated by
the kernel) before the signature is verified, so introduce
pkcs7_get_digest() for that purpose.
Also, modify pkcs7_digest() to detect when the digest was already
calculated so that it doesn't have to do redundant work. Verifying that
sinfo->sig->digest isn't NULL is sufficient because both places which
allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
use kzalloc() so sig->digest is always initialized to zero.
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions