From: Luca Boccassi <bluca@debian.org>
Date: Sat, 8 Mar 2025 01:42:20 +0000 (+0000)
Subject: keyutil: support adding content into PKCS#7 signature (#36663)
X-Git-Tag: v258-rc1~1142
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9208ff9a450a1dcb317efc35090846a0c84e09e;p=thirdparty%2Fsystemd.git

keyutil: support adding content into PKCS#7 signature (#36663)

Support including the data that was signed inside the PKCS#7 signature.
This creates a self-contained file where the signature of the data can
be verified without any other information, since the file contains the
data, signature, and certificate (which contains the public key used for
the signing).

One use case of this is IPE which requires a PKCS#7 signature that is
not "detached", i.e. includes the IPE configuration that has been
signed.

This also slightly adjusts the test case to use the x509 certificate
inside the PKCS#7 signature instead of supplying it externally during
verification.
---

d9208ff9a450a1dcb317efc35090846a0c84e09e