On 5/25/20 4:54 PM, Eric Biggers wrote:
> From the 'fsverity' program, split out a library 'libfsverity'.
> Currently it supports computing file measurements ("digests"), and
> signing those file measurements for use with the fs-verity builtin
> signature verification feature.
>
> Rewritten from patches by Jes Sorensen <jsorensen@xxxxxx>.
> I made a lot of improvements; see patch 2 for details.
>
> This patchset can also be found at branch "libfsverity" of
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/
>
> Changes v1 => v2:
> - Fold in the Makefile fixes from Jes
> - Rename libfsverity_digest_size() and libfsverity_hash_name()
> - Improve the documentation slightly
> - If a memory allocation fails, print the allocation size
> - Use EBADMSG for invalid cert or keyfile, not EINVAL
> - Make libfsverity_find_hash_alg_by_name() handle NULL
> - Avoid introducing compiler warnings with AOSP's default cflags
> - Don't assume that BIO_new_file() sets errno
> - Other small cleanups
>
> Eric Biggers (3):
> Split up cmd_sign.c
> Introduce libfsverity
> Add some basic test programs for libfsverity
Hi Eric,
Assuming you didn't make any big changes since the previous rev. I have
tested this here, and I can build an fsverity-utils RPM from it, and
build my RPM support with this version, so looks all good from my side.
One feature I would like to have, and this is what I confused in my
previous comments. In addition to a get_digset_size() function, it would
be really useful to also have a get_signature_size() function. This
would be really useful when trying to pre-allocate space for an array of
signatures, or is there no way to get that info from openssl without
creating an actual signature?
Cheers,
Jes
|