libkmod-signature: implement pkcs7 parsing with openssl The patch adds data fetching from the PKCS#7 certificate using openssl library (which is used by scripts/sign-file.c in the linux kernel to sign modules). In general the certificate can contain many signatures, but since kmod (modinfo) supports only one signature at the moment, only first one is taken. With the current sign-file.c certificate doesn't contain signer key's fingerprint, so "serial number" is used for the key id. Signed-off-by: Yauheni Kaliuta <[email protected]>

commit: 391b4714b495183baefa9cb10ac8e1600c166a59 [log] [tgz]
author: Yauheni Kaliuta <[email protected]> Fri Feb 01 22:20:02 2019 +0200
committer: Lucas De Marchi <[email protected]> Mon Feb 04 13:51:27 2019 -0800
tree: a674ab2034405859716de1e75b5d15f6f4be5de5
parent: dec990483bcb5f36557ab34918256a2251a6cf25 [diff] [blame]
diff --git a/configure.ac b/configure.ac
index fbc7391..2e33380 100644
--- a/configure.ac
+++ b/configure.ac

@@ -106,6 +106,17 @@
 ])
 CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
 
+AC_ARG_WITH([openssl],
+	AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
+	[], [with_openssl=no])
+AS_IF([test "x$with_openssl" != "xno"], [
+	PKG_CHECK_MODULES([openssl], [openssl])
+	AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+], [
+	AC_MSG_NOTICE([openssl support not requested])
+])
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
+
 AC_ARG_WITH([bashcompletiondir],
 	AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
 	[],
commit	391b4714b495183baefa9cb10ac8e1600c166a59	[log] [tgz]
author	Yauheni Kaliuta <[email protected]>	Fri Feb 01 22:20:02 2019 +0200
committer	Lucas De Marchi <[email protected]>	Mon Feb 04 13:51:27 2019 -0800
tree	a674ab2034405859716de1e75b5d15f6f4be5de5
parent	dec990483bcb5f36557ab34918256a2251a6cf25 [diff] [blame]