Linux-Modules Archive on lore.kernel.org
 help / Atom feed
* [PATCH kmod v3 0/2] read pkcs7 signature with openssl
@ 2019-02-01 20:20 Yauheni Kaliuta
  2019-02-01 20:20 ` [PATCH kmod v3 1/2] testsuite: add modinfo pkcs7 signature test Yauheni Kaliuta
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Yauheni Kaliuta @ 2019-02-01 20:20 UTC (permalink / raw)
  To: linux-modules; +Cc: ykaliuta, Lucas De Marchi

The same as before but with the test.

I found, that using _cleanup_() is more inconvenient, since it will
require wrappers for the types as for _cleanup_free().

Changelog:

v1->v2 no changes, just non-rfc
v2->v3 test added

Yauheni Kaliuta (2):
  testsuite: add modinfo pkcs7 signature test
  libkmod-signature: implement pkcs7 parsing with openssl

 Makefile.am                                   |   4 +-
 configure.ac                                  |  11 +
 libkmod/libkmod-internal.h                    |   3 +
 libkmod/libkmod-module.c                      |   3 +
 libkmod/libkmod-signature.c                   | 197 +++++++++++++++++-
 testsuite/module-playground/dummy.pkcs7       | Bin 0 -> 721 bytes
 testsuite/populate-modules.sh                 |   9 +
 .../test-modinfo/correct-sig_hashalgo.txt     |   2 +-
 .../test-modinfo/correct-sig_key.txt          |   2 +-
 .../test-modinfo/correct-signer.txt           |   2 +-
 testsuite/test-modinfo.c                      |   3 +-
 11 files changed, 227 insertions(+), 9 deletions(-)
 create mode 100644 testsuite/module-playground/dummy.pkcs7

-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH kmod v3 1/2] testsuite: add modinfo pkcs7 signature test
  2019-02-01 20:20 [PATCH kmod v3 0/2] read pkcs7 signature with openssl Yauheni Kaliuta
@ 2019-02-01 20:20 ` Yauheni Kaliuta
  2019-02-01 20:20 ` [PATCH kmod v3 2/2] libkmod-signature: implement pkcs7 parsing with openssl Yauheni Kaliuta
  2019-02-05 21:02 ` [PATCH kmod v3 0/2] read pkcs7 signature " Lucas De Marchi
  2 siblings, 0 replies; 4+ messages in thread
From: Yauheni Kaliuta @ 2019-02-01 20:20 UTC (permalink / raw)
  To: linux-modules; +Cc: ykaliuta, Lucas De Marchi

Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).

In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:

$ openssl req -new -nodes -utf8  -sha256 -days 36500 -batch -x509
-config  ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
 testsuite/module-playground/dummy.pkcs7           | Bin 0 -> 721 bytes
 testsuite/populate-modules.sh                     |   9 +++++++++
 .../test-modinfo/correct-sig_hashalgo.txt         |   2 +-
 .../test-modinfo/correct-sig_key.txt              |   2 +-
 .../test-modinfo/correct-signer.txt               |   2 +-
 testsuite/test-modinfo.c                          |   3 ++-
 6 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 testsuite/module-playground/dummy.pkcs7

diff --git a/testsuite/module-playground/dummy.pkcs7 b/testsuite/module-playground/dummy.pkcs7
new file mode 100644
index 0000000000000000000000000000000000000000..bcdb902919dfb61b9be36af8c228dd65f1fddd93
GIT binary patch
literal 721
zcmXqLVp__^snzDu_MMlJooPW6(=>x7rb$eUjE1}h+-#f)Z61uN%q&cdAP!6!qhS+M
zK2TXUP?>?7fu5m`ffgHcC<`->vQuehPKrWFW^SrNVrfZ!dTL&3QDRAIib8g3QC?~e
zkg8-7QM+~cH9xOZ*rFSogg;ylc9-S#$UwD>7j79NBP#<-6B9$ihB~n?-%sDqVA2Y`
zW8-08emS}G@Xd3d7Rs=x&t=w4ymn`^6#rJnBG!+AXA(cnvP#)LN&bV{>idQDlKcKt
z^$LB8&AXKTYLX>)nt$#xqY9o);$O5sylwXhXqi0yyu^pRNuR$h-oM2(BsEUH`hl)l
z;Z`s1GU3_H_5Z_ebs9PSU)`}c%&kMKUDNG>+S5MHMZf25*t(9R&~HJ<!&l2bv1Z2f
zde5Ag!uR~-UEzOPZ)Rv~g-tzOu{r$Z{zx9<FOyzy8hkb83cfJ)BA=a*z|OT?rEXF2
zGAFn_QyKrP_&MQw=f)D_i3ZmXw|)NW@O6@K<?GO$?)DxV)K&;4EmB;Y|NURhuea|X
z)NEx@j(p9b*ZEfb`-JNYtEcL)FkZQ}ZsMFYiPRZic(;FgByBm<OuOltTBYsDipQQW
zT8niKxk+al{r}83{eYK?k;t#qy<hfP@8O-dPpRFE=NglO@xPC<DOIPXm+#%D8SY$i
z#=!IDNqN3ceu;O*PHODayOXt$SFmF1gC#i!{c@PnjyzsGUreHV)>5Aw1(7*B4R<EL
zfBMJ4MVIlV*Q~n>)z1s7aq&0El^lDUd{vLPdZLtI?8#K7Bf`Qf1E<*CeImSh>G`Wq
z4)fp1E&FhKeoM=x^^C!Puf^ARFHu#pX89yCby?%>&AyfuA6=dl#4q1_r;71;+{RC$
vlOkFt^2)AdU|?c^0H&37zWFJoIjIW8ndy0nC8b5cv{q1%nwOHAQpW`VoP;y#

literal 0
HcmV?d00001

diff --git a/testsuite/populate-modules.sh b/testsuite/populate-modules.sh
index ba68a697ce61..5140f7aadf43 100755
--- a/testsuite/populate-modules.sh
+++ b/testsuite/populate-modules.sh
@@ -58,6 +58,7 @@ map=(
     ["test-modinfo/mod-simple-sparc64.ko"]="mod-simple-sparc64.ko"
     ["test-modinfo/mod-simple-sha1.ko"]="mod-simple.ko"
     ["test-modinfo/mod-simple-sha256.ko"]="mod-simple.ko"
+    ["test-modinfo/mod-simple-pkcs7.ko"]="mod-simple.ko"
     ["test-modinfo/external/lib/modules/external/mod-simple.ko"]="mod-simple.ko"
     ["test-tools/insert/lib/modules/4.4.4/kernel/"]="mod-simple.ko"
     ["test-tools/remove/lib/modules/4.4.4/kernel/"]="mod-simple.ko"
@@ -77,6 +78,10 @@ attach_sha1_array=(
     "test-modinfo/mod-simple-sha1.ko"
     )
 
+attach_pkcs7_array=(
+    "test-modinfo/mod-simple-pkcs7.ko"
+    )
+
 for k in ${!map[@]}; do
     dst=${ROOTFS}/$k
     src=${MODULE_PLAYGROUND}/${map[$k]}
@@ -103,3 +108,7 @@ done
 for m in "${attach_sha256_array[@]}"; do
     cat ${MODULE_PLAYGROUND}/dummy.sha256 >> ${ROOTFS}/$m
 done
+
+for m in "${attach_pkcs7_array[@]}"; do
+    cat ${MODULE_PLAYGROUND}/dummy.pkcs7 >> ${ROOTFS}/$m
+done
diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
index 6d0223efe93e..f97c4faf6ab2 100644
--- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
@@ -1,3 +1,3 @@
 sha1
 sha256
-
+sha256
diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
index 7dc4c6aa1373..25a75a8cb68f 100644
--- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
@@ -1,3 +1,3 @@
 E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9
 E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9
-
+26:DA:C3:EB:0F:0D:1A:56:A2:D8:B2:13:F0:D7:53:47:1D:0D:48:68
diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
index afe83df76df1..2b979f98ef64 100644
--- a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
@@ -1,3 +1,3 @@
 Magrathea: Glacier signing key
 Magrathea: Glacier signing key
-
+Build time autogenerated kernel key
diff --git a/testsuite/test-modinfo.c b/testsuite/test-modinfo.c
index 8fdfe35ef4e6..504d9dd24b96 100644
--- a/testsuite/test-modinfo.c
+++ b/testsuite/test-modinfo.c
@@ -56,7 +56,8 @@ DEFINE_TEST(test_modinfo_##_field, \
 #define DEFINE_MODINFO_SIGN_TEST(_field) \
 	DEFINE_MODINFO_TEST(_field, \
 			    "/mod-simple-sha1.ko", \
-			    "/mod-simple-sha256.ko")
+			    "/mod-simple-sha256.ko",	\
+			    "/mod-simple-pkcs7.ko")
 
 DEFINE_MODINFO_GENERIC_TEST(filename);
 DEFINE_MODINFO_GENERIC_TEST(author);
-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH kmod v3 2/2] libkmod-signature: implement pkcs7 parsing with openssl
  2019-02-01 20:20 [PATCH kmod v3 0/2] read pkcs7 signature with openssl Yauheni Kaliuta
  2019-02-01 20:20 ` [PATCH kmod v3 1/2] testsuite: add modinfo pkcs7 signature test Yauheni Kaliuta
@ 2019-02-01 20:20 ` Yauheni Kaliuta
  2019-02-05 21:02 ` [PATCH kmod v3 0/2] read pkcs7 signature " Lucas De Marchi
  2 siblings, 0 replies; 4+ messages in thread
From: Yauheni Kaliuta @ 2019-02-01 20:20 UTC (permalink / raw)
  To: linux-modules; +Cc: ykaliuta, Lucas De Marchi

The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).

In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.

With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
 Makefile.am                 |   4 +-
 configure.ac                |  11 ++
 libkmod/libkmod-internal.h  |   3 +
 libkmod/libkmod-module.c    |   3 +
 libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
 5 files changed, 213 insertions(+), 5 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 1ab1db585316..de1026f8bd46 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,8 @@ SED_PROCESS = \
 	-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
 	-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
 	-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
+	-e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
+	-e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
 	< $< > $@ || rm $@
 
 %.pc: %.pc.in Makefile
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
 	${top_srcdir}/libkmod/libkmod.sym
 libkmod_libkmod_la_LIBADD = \
 	shared/libshared.la \
-	${liblzma_LIBS} ${zlib_LIBS}
+	${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
 
 noinst_LTLIBRARIES += libkmod/libkmod-internal.la
 libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
diff --git a/configure.ac b/configure.ac
index fbc7391b2d1b..2e33380a0cc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
 ])
 CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
 
+AC_ARG_WITH([openssl],
+	AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
+	[], [with_openssl=no])
+AS_IF([test "x$with_openssl" != "xno"], [
+	PKG_CHECK_MODULES([openssl], [openssl])
+	AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+], [
+	AC_MSG_NOTICE([openssl support not requested])
+])
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
+
 AC_ARG_WITH([bashcompletiondir],
 	AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
 	[],
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
index 346579c71aab..a65ddd156f18 100644
--- a/libkmod/libkmod-internal.h
+++ b/libkmod/libkmod-internal.h
@@ -188,5 +188,8 @@ struct kmod_signature_info {
 	const char *algo, *hash_algo, *id_type;
 	const char *sig;
 	size_t sig_len;
+	void (*free)(void *);
+	void *private;
 };
 bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index 889f26479a98..bffe715cdef4 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
 	ret = count;
 
 list_error:
+	/* aux structures freed in normal case also */
+	kmod_module_signature_info_free(&sig_info);
+
 	if (ret < 0) {
 		kmod_module_info_free_list(*list);
 		*list = NULL;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 429ffbd8a957..48d0145a7552 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -19,6 +19,10 @@
 
 #include <endian.h>
 #include <inttypes.h>
+#ifdef ENABLE_OPENSSL
+#include <openssl/cms.h>
+#include <openssl/ssl.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
 	return true;
 }
 
-static bool fill_unknown(const char *mem, off_t size,
-			 const struct module_signature *modsig, size_t sig_len,
-			 struct kmod_signature_info *sig_info)
+#ifdef ENABLE_OPENSSL
+
+struct pkcs7_private {
+	CMS_ContentInfo *cms;
+	unsigned char *key_id;
+	BIGNUM *sno;
+};
+
+static void pkcs7_free(void *s)
+{
+	struct kmod_signature_info *si = s;
+	struct pkcs7_private *pvt = si->private;
+
+	CMS_ContentInfo_free(pvt->cms);
+	BN_free(pvt->sno);
+	free(pvt->key_id);
+	free(pvt);
+	si->private = NULL;
+}
+
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
+{
+	int nid;
+
+	nid = OBJ_obj2nid(o);
+	switch (nid) {
+	case NID_md4:
+		return PKEY_HASH_MD4;
+	case NID_md5:
+		return PKEY_HASH_MD5;
+	case NID_sha1:
+		return PKEY_HASH_SHA1;
+	case NID_ripemd160:
+		return PKEY_HASH_RIPE_MD_160;
+	case NID_sha256:
+		return PKEY_HASH_SHA256;
+	case NID_sha384:
+		return PKEY_HASH_SHA384;
+	case NID_sha512:
+		return PKEY_HASH_SHA512;
+	case NID_sha224:
+		return PKEY_HASH_SHA224;
+	default:
+		return -1;
+	}
+	return -1;
+}
+
+static const char *x509_name_to_str(X509_NAME *name)
+{
+	int i;
+	X509_NAME_ENTRY *e;
+	ASN1_STRING *d;
+	ASN1_OBJECT *o;
+	int nid = -1;
+	const char *str;
+
+	for (i = 0; i < X509_NAME_entry_count(name); i++) {
+		e = X509_NAME_get_entry(name, i);
+		o = X509_NAME_ENTRY_get_object(e);
+		nid = OBJ_obj2nid(o);
+		if (nid == NID_commonName)
+			break;
+	}
+	if (nid == -1)
+		return NULL;
+
+	d = X509_NAME_ENTRY_get_data(e);
+	str = (const char *)ASN1_STRING_get0_data(d);
+
+	return str;
+}
+
+static bool fill_pkcs7(const char *mem, off_t size,
+		       const struct module_signature *modsig, size_t sig_len,
+		       struct kmod_signature_info *sig_info)
+{
+	const char *pkcs7_raw;
+	CMS_ContentInfo *cms;
+	STACK_OF(CMS_SignerInfo) *sis;
+	CMS_SignerInfo *si;
+	int rc;
+	ASN1_OCTET_STRING *key_id;
+	X509_NAME *issuer;
+	ASN1_INTEGER *sno;
+	ASN1_OCTET_STRING *sig;
+	BIGNUM *sno_bn;
+	X509_ALGOR *dig_alg;
+	X509_ALGOR *sig_alg;
+	const ASN1_OBJECT *o;
+	BIO *in;
+	int len;
+	unsigned char *key_id_str;
+	struct pkcs7_private *pvt;
+	const char *issuer_str;
+
+	size -= sig_len;
+	pkcs7_raw = mem + size;
+
+	in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+
+	cms = d2i_CMS_bio(in, NULL);
+	if (cms == NULL) {
+		BIO_free(in);
+		return false;
+	}
+
+	BIO_free(in);
+
+	sis = CMS_get0_SignerInfos(cms);
+	if (sis == NULL)
+		goto err;
+
+	si = sk_CMS_SignerInfo_value(sis, 0);
+	if (si == NULL)
+		goto err;
+
+	rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
+	if (rc == 0)
+		goto err;
+
+	sig = CMS_SignerInfo_get0_signature(si);
+	if (sig == NULL)
+		goto err;
+
+	CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
+
+	sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
+	sig_info->sig_len = ASN1_STRING_length(sig);
+
+	sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+	if (sno_bn == NULL)
+		goto err;
+
+	len = BN_num_bytes(sno_bn);
+	key_id_str = malloc(len);
+	if (key_id_str == NULL)
+		goto err2;
+	BN_bn2bin(sno_bn, key_id_str);
+
+	sig_info->key_id = (const char *)key_id_str;
+	sig_info->key_id_len = len;
+
+	issuer_str = x509_name_to_str(issuer);
+	if (issuer_str != NULL) {
+		sig_info->signer = issuer_str;
+		sig_info->signer_len = strlen(issuer_str);
+	}
+
+	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+
+	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+	sig_info->id_type = pkey_id_type[modsig->id_type];
+
+	pvt = malloc(sizeof(*pvt));
+	if (pvt == NULL)
+		goto err3;
+
+	pvt->cms = cms;
+	pvt->key_id = key_id_str;
+	pvt->sno = sno_bn;
+	sig_info->private = pvt;
+
+	sig_info->free = pkcs7_free;
+
+	return true;
+err3:
+	free(key_id_str);
+err2:
+	BN_free(sno_bn);
+err:
+	CMS_ContentInfo_free(cms);
+	return false;
+}
+
+#else /* ENABLE OPENSSL */
+
+static bool fill_pkcs7(const char *mem, off_t size,
+		       const struct module_signature *modsig, size_t sig_len,
+		       struct kmod_signature_info *sig_info)
 {
 	sig_info->hash_algo = "unknown";
 	sig_info->id_type = pkey_id_type[modsig->id_type];
 	return true;
 }
 
+#endif /* ENABLE OPENSSL */
+
 #define SIG_MAGIC "~Module signature appended~\n"
 
 /*
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
 
 	switch (modsig->id_type) {
 	case PKEY_ID_PKCS7:
-		return fill_unknown(mem, size, modsig, sig_len, sig_info);
+		return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
 	default:
 		return fill_default(mem, size, modsig, sig_len, sig_info);
 	}
 }
+
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
+{
+	if (sig_info->free)
+		sig_info->free(sig_info);
+}
-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH kmod v3 0/2] read pkcs7 signature with openssl
  2019-02-01 20:20 [PATCH kmod v3 0/2] read pkcs7 signature with openssl Yauheni Kaliuta
  2019-02-01 20:20 ` [PATCH kmod v3 1/2] testsuite: add modinfo pkcs7 signature test Yauheni Kaliuta
  2019-02-01 20:20 ` [PATCH kmod v3 2/2] libkmod-signature: implement pkcs7 parsing with openssl Yauheni Kaliuta
@ 2019-02-05 21:02 ` " Lucas De Marchi
  2 siblings, 0 replies; 4+ messages in thread
From: Lucas De Marchi @ 2019-02-05 21:02 UTC (permalink / raw)
  To: Yauheni Kaliuta; +Cc: linux-modules, ykaliuta, Lucas De Marchi

On Fri, Feb 1, 2019 at 12:55 PM Yauheni Kaliuta
<yauheni.kaliuta@redhat.com> wrote:
>
> The same as before but with the test.
>
> I found, that using _cleanup_() is more inconvenient, since it will
> require wrappers for the types as for _cleanup_free().
>
> Changelog:
>
> v1->v2 no changes, just non-rfc
> v2->v3 test added

Applied, thanks!
Lucas De Marchi

>
> Yauheni Kaliuta (2):
>   testsuite: add modinfo pkcs7 signature test
>   libkmod-signature: implement pkcs7 parsing with openssl
>
>  Makefile.am                                   |   4 +-
>  configure.ac                                  |  11 +
>  libkmod/libkmod-internal.h                    |   3 +
>  libkmod/libkmod-module.c                      |   3 +
>  libkmod/libkmod-signature.c                   | 197 +++++++++++++++++-
>  testsuite/module-playground/dummy.pkcs7       | Bin 0 -> 721 bytes
>  testsuite/populate-modules.sh                 |   9 +
>  .../test-modinfo/correct-sig_hashalgo.txt     |   2 +-
>  .../test-modinfo/correct-sig_key.txt          |   2 +-
>  .../test-modinfo/correct-signer.txt           |   2 +-
>  testsuite/test-modinfo.c                      |   3 +-
>  11 files changed, 227 insertions(+), 9 deletions(-)
>  create mode 100644 testsuite/module-playground/dummy.pkcs7
>
> --
> 2.20.1
>


-- 
Lucas De Marchi

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-01 20:20 [PATCH kmod v3 0/2] read pkcs7 signature with openssl Yauheni Kaliuta
2019-02-01 20:20 ` [PATCH kmod v3 1/2] testsuite: add modinfo pkcs7 signature test Yauheni Kaliuta
2019-02-01 20:20 ` [PATCH kmod v3 2/2] libkmod-signature: implement pkcs7 parsing with openssl Yauheni Kaliuta
2019-02-05 21:02 ` [PATCH kmod v3 0/2] read pkcs7 signature " Lucas De Marchi

Linux-Modules Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-modules/0 linux-modules/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-modules linux-modules/ https://lore.kernel.org/linux-modules \
		linux-modules@vger.kernel.org linux-modules@archiver.kernel.org
	public-inbox-index linux-modules


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-modules


AGPL code for this site: git clone https://public-inbox.org/ public-inbox