xref: /kernel/linux/linux-6.6/crypto/asymmetric_keys/pkcs7_verify.c

25 	struct public_key_signature *sig = sinfo->sig;
31 	kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
34 	if (sig->digest)
37 	if (!sinfo->sig->hash_algo)
43 	tfm = crypto_alloc_shash(sinfo->sig->hash_algo, 0, 0);
48 	sig->digest_size = crypto_shash_digestsize(tfm);
51 	sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
52 	if (!sig->digest)
63 				  sig->digest);
66 	pr_devel("MsgDigest = [%*ph]\n", 8, sig->digest);
81 		if (sinfo->msgdigest_len != sig->digest_size) {
88 		if (memcmp(sig->digest, sinfo->msgdigest,
101 		memset(sig->digest, 0, sig->digest_size);
111 					 sinfo->authattrs_len, sig->digest);
114 		pr_devel("AADigest = [%*ph]\n", 8, sig->digest);
141 	*buf = sinfo->sig->digest;
142 	*len = sinfo->sig->digest_size;
145 			 sinfo->sig->hash_algo);
172 		if (!asymmetric_key_id_same(x509->id, sinfo->sig->auth_ids[0]))
186 		 sinfo->sig->auth_ids[0]->len, sinfo->sig->auth_ids[0]->data);
196 	struct public_key_signature *sig;
224 		sig = x509->sig;
225 		if (sig->auth_ids[0])
227 				 sig->auth_ids[0]->len, sig->auth_ids[0]->data);
228 		if (sig->auth_ids[1])
230 				 sig->auth_ids[1]->len, sig->auth_ids[1]->data);
248 		auth = sig->auth_ids[0];
257 		} else if (sig->auth_ids[1]) {
258 			auth = sig->auth_ids[1];
278 		if (sig->auth_ids[1] &&
279 		    !asymmetric_key_id_same(p->skid, sig->auth_ids[1])) {
291 		ret = public_key_verify_signature(p->pub, x509->sig);
338 	pr_devel("Using X.509[%u] for sig %u\n",
354 	ret = public_key_verify_signature(sinfo->signer->pub, sinfo->sig);
406 			pr_warn("Invalid module sig (not pkcs7-data)\n");
410 			pr_warn("Invalid module sig (has authattrs)\n");
416 			pr_warn("Invalid firmware sig (not pkcs7-data)\n");
420 			pr_warn("Invalid firmware sig (missing authattrs)\n");
426 			pr_warn("Invalid kexec sig (not Authenticode)\n");
433 			pr_warn("Invalid unspecified sig (not pkcs7-data)\n");

Indexes created Thu Nov 07 10:32:03 CST 2024