| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1416836587.25352.24.camel@dhcp-9-2-203-236.watson.ibm.com> Date: Mon, 24 Nov 2014 08:43:07 -0500 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: David Howells <dhowells@...hat.com> Cc: mmarek@...e.cz, d.kasatkin@...sung.com, rusty@...tcorp.com.au, vgoyal@...hat.com, keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/5] PKCS#7: Allow detached data to be supplied for signature checking purposes On Mon, 2014-11-24 at 12:48 +0000, David Howells wrote: > Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote: > > > Ok, PCKS#7 supports detached data. I assume this is not needed for > > kernel modules. What is the motivation for adding this support to the > > kernel? > > See patch #5. I should probably note that in the commit message. This patch set does not change the syscall. The signature is still appended to the kernel module. In fact, the call from kernel/module_signing.c: mod_verify_pkcs7() calls pkcs7_supply_detached_data() with a pointer to the module and the module length to set the data field. pkcs7_supply_detached_data() would not be defined or exported, unless it was going to be called elsewhere. How else are you planning on using pkcs7_supply_detached_data()? Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists