Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them | David Howells | 2015-09-01 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | | | Add OIDs for sha224, sha284 and sha512 hash algos and use them to select the hashing algorithm. Without this, something like the following error might get written to dmesg: [ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3 [ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3 [ 31.829330] Unsupported digest algo: 55 Where the 55 on the third line is OID__NR indicating an unknown OID. Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu> Signed-off-by: David Howells <dhowells@redhat.com> Tested-By: Valdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by: James Morris <james.l.morris@oracle.com> | ||||
* | pefile: Handle pesign using the wrong OID | Vivek Goyal | 2014-07-09 | 1 | -1/+7 |
| | | | | | | | | The pesign utility had a bug where it was using OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId - so allow both OIDs. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> | ||||
* | pefile: Parse the "Microsoft individual code signing" data blob | David Howells | 2014-07-09 | 1 | -0/+120 |
The PKCS#7 certificate should contain a "Microsoft individual code signing" data blob as its signed content. This blob contains a digest of the signed content of the PE binary and the OID of the digest algorithm used (typically SHA256). Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> |