evm: Allow non-SHA1 digital signatures

SHA1 is reasonable in HMAC constructs, but it's desirable to be able to use stronger hashes in digital signatures. Modify the EVM crypto code so the hash type is imported from the digital signature and passed down to the hash calculation code, and return the digest size to higher layers for validation. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Matthew Garrett <mjg59@google.com> 2018-06-08 23:57:43 +0200
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-07-18 13:27:22 +0200
commit: 5feeb61183dde9d4f4026fd0d5801388c21d61a2 (patch)
tree: 6998490db3d17d7dffbfcc4d69d521c44f0fe8ac /security/integrity/evm/Kconfig
parent: evm: Don't deadlock if a crypto algorithm is unavailable (diff)
download: linux-5feeb61183dde9d4f4026fd0d5801388c21d61a2.tar.xz
linux-5feeb61183dde9d4f4026fd0d5801388c21d61a2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index d593346d0bba..60221852b26a 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -4,6 +4,7 @@ config EVM
 	select ENCRYPTED_KEYS
 	select CRYPTO_HMAC
 	select CRYPTO_SHA1
+	select CRYPTO_HASH_INFO
 	default n
 	help
 	  EVM protects a file's security extended attributes against
author	Matthew Garrett <mjg59@google.com>	2018-06-08 23:57:43 +0200
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2018-07-18 13:27:22 +0200
commit	5feeb61183dde9d4f4026fd0d5801388c21d61a2 (patch)
tree	6998490db3d17d7dffbfcc4d69d521c44f0fe8ac /security/integrity/evm/Kconfig
parent	evm: Don't deadlock if a crypto algorithm is unavailable (diff)
download	linux-5feeb61183dde9d4f4026fd0d5801388c21d61a2.tar.xz linux-5feeb61183dde9d4f4026fd0d5801388c21d61a2.zip