[PATCH v10 03/12] PKCS#7: Introduce pkcs7_get_digest()

Mimi Zohar zohar at linux.ibm.com
Thu May 9 15:42:13 UTC 2019


On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
> IMA will need to access the digest of the PKCS7 message (as calculated by
> the kernel) before the signature is verified, so introduce
> pkcs7_get_digest() for that purpose.
> 
> Also, modify pkcs7_digest() to detect when the digest was already
> calculated so that it doesn't have to do redundant work. Verifying that
> sinfo->sig->digest isn't NULL is sufficient because both places which
> allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
> use kzalloc() so sig->digest is always initialized to zero.
> 
> Signed-off-by: Thiago Jung Bauermann <bauerman at linux.ibm.com>
> Cc: David Howells <dhowells at redhat.com>
> Cc: Herbert Xu <herbert at gondor.apana.org.au>
> Cc: "David S. Miller" <davem at davemloft.net>

Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>



More information about the Linux-security-module-archive mailing list