In Linux Kernel 2.6.19, major changes have taken place in the security hashing infrastructure. Hence, a patch is required to upgrade the older digsig module to current kernel interfaces. digsig-1.5 supported only kernels till 2.6.16. The digsig-1.5-rev has all the required changes for switching between crypto_digest to crypto_hash infrastructure. And it gets compiled and works fine with the 2.6.19 and above kernels.
You'll find them on our home page, disec.sourceforge.net
It turned out that we had a bug in signature verification. We fixed that bug. If you're running 1.4.0 please consider switching t0 1.4.1.
You probably already know the news ;-)
In addition, the home page has been updated.
Two new papers added + information concerning DigSig major milestones.
You can read details at http://disec.sourceforge.net/docs/digsig.pdf .
This is a working document (~draft).
Thanks to Serge Hallyn who did all the coding for this new release, we have a new DigSig release with caching now supported at kernel level.
Added to README:
From release 1.2, the caching of signatures at kernel level is supported.
Once the signature of a binary is verified, its signature is cached in the
kernel memory. Therefore, there is no need for signature verification in
subsequent calls to this binary.
When a binary file is modified, the corresponding cache entry in the memory
Vincent did a little bug fix, which eliminates one extra useless signature verification for shared libraries. As the changes were small but the improvement is important: the signature verification time is divided by two, I did a new release DigSig 1.1.