From: David Howells <dhowells@redhat.com>
Date: Tue, 22 Jul 2014 20:54:05 +0000 (+0100)
Subject: Merge tag 'keys-pefile-20140709' into keys-next
X-Git-Tag: v3.17-rc1~108^2~10^2~3
X-Git-Url: http://git.cascardo.info/?a=commitdiff_plain;h=6204e0025566ad3992ce649d4f44b7e8cdde2293;p=cascardo%2Flinux.git

Merge tag 'keys-pefile-20140709' into keys-next

Here's a set of changes that implement a PE file signature checker.

This provides the following facility:

 (1) Extract the signature from the PE file.  This is a PKCS#7 message
     containing, as its data, a hash of the signed parts of the file.

 (2) Digest the signed parts of the file.

 (3) Compare the digest with the one from the PKCS#7 message.

 (4) Validate the signatures on the PKCS#7 message and indicate
     whether it was matched by a trusted key.

Signed-off-by: David Howells <dhowells@redhat.com>
---

6204e0025566ad3992ce649d4f44b7e8cdde2293