• Thiago Jung Bauermann's avatar
    PKCS#7: Introduce pkcs7_get_digest() · e201af16
    Thiago Jung Bauermann authored
    IMA will need to access the digest of the PKCS7 message (as calculated by
    the kernel) before the signature is verified, so introduce
    pkcs7_get_digest() for that purpose.
    
    Also, modify pkcs7_digest() to detect when the digest was already
    calculated so that it doesn't have to do redundant work. Verifying that
    sinfo->sig->digest isn't NULL is sufficient because both places which
    allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
    use kzalloc() so sig->digest is always initialized to zero.
    Signed-off-by: default avatarThiago Jung Bauermann <bauerman@linux.ibm.com>
    Reviewed-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    Cc: David Howells <dhowells@redhat.com>
    Cc: David Woodhouse <dwmw2@infradead.org>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Cc: "David S. Miller" <davem@davemloft.net>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    e201af16
pkcs7_verify.c 13.2 KB