pefile: Parse the presumed PKCS#7 content of the certificate blob
Parse the content of the certificate blob, presuming it to be PKCS#7 format. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>hifive-unleashed-5.1
parent
09dacbbda9
commit
3968280c76
|
@ -216,7 +216,10 @@ static int pefile_strip_sig_wrapper(const void *pebuf,
|
||||||
int verify_pefile_signature(const void *pebuf, unsigned pelen,
|
int verify_pefile_signature(const void *pebuf, unsigned pelen,
|
||||||
struct key *trusted_keyring, bool *_trusted)
|
struct key *trusted_keyring, bool *_trusted)
|
||||||
{
|
{
|
||||||
|
struct pkcs7_message *pkcs7;
|
||||||
struct pefile_context ctx;
|
struct pefile_context ctx;
|
||||||
|
const void *data;
|
||||||
|
size_t datalen;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
kenter("");
|
kenter("");
|
||||||
|
@ -230,5 +233,21 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
return -ENOANO; // Not yet complete
|
pkcs7 = pkcs7_parse_message(pebuf + ctx.sig_offset, ctx.sig_len);
|
||||||
|
if (IS_ERR(pkcs7))
|
||||||
|
return PTR_ERR(pkcs7);
|
||||||
|
ctx.pkcs7 = pkcs7;
|
||||||
|
|
||||||
|
ret = pkcs7_get_content_data(ctx.pkcs7, &data, &datalen, false);
|
||||||
|
if (ret < 0 || datalen == 0) {
|
||||||
|
pr_devel("PKCS#7 message does not contain data\n");
|
||||||
|
ret = -EBADMSG;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = -ENOANO; // Not yet complete
|
||||||
|
|
||||||
|
error:
|
||||||
|
pkcs7_free_message(ctx.pkcs7);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue