mk-rootfs.sh

hc

2023-12-11 072de836f53be56a70cecf70b43ae43b7ce17376

 kernel/security/integrity/digsig_asymmetric.c
..
..
@@ -1,16 +1,10 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * Copyright (C) 2013 Intel Corporation
3
4
  *
4
5
  * Author:
5
6
  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
6
- *
7
- * This program is free software; you can redistribute it and/or modify
8
- * it under the terms of the GNU General Public License as published by
9
- * the Free Software Foundation, version 2 of the License.
10
- *
11
7
  */
12
-
13
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
8
 
15
9
 #include <linux/err.h>
16
10
 #include <linux/ratelimit.h>
..
..
@@ -39,7 +33,7 @@
39
33
 		key_ref_t kref;
40
34
 
41
35
 		kref = keyring_search(make_key_ref(key, 1),
42
-				     &key_type_asymmetric, name);
36
+				      &key_type_asymmetric, name, true);
43
37
 		if (!IS_ERR(kref)) {
44
38
 			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
45
39
 			return ERR_PTR(-EKEYREJECTED);
..
..
@@ -51,7 +45,7 @@
51
45
 		key_ref_t kref;
52
46
 
53
47
 		kref = keyring_search(make_key_ref(keyring, 1),
54
-				      &key_type_asymmetric, name);
48
+				      &key_type_asymmetric, name, true);
55
49
 		if (IS_ERR(kref))
56
50
 			key = ERR_CAST(kref);
57
51
 		else
..
..
@@ -61,8 +55,14 @@
61
55
 	}
62
56
 
63
57
 	if (IS_ERR(key)) {
64
-		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
65
-				   name, PTR_ERR(key));
58
+		if (keyring)
59
+			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
60
+					   name, keyring->description,
61
+					   PTR_ERR(key));
62
+		else
63
+			pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
64
+					   name, PTR_ERR(key));
65
+
66
66
 		switch (PTR_ERR(key)) {
67
67
 			/* Hide some search errors */
68
68
 		case -EACCES:
..
..
@@ -85,7 +85,7 @@
85
85
 	struct public_key_signature pks;
86
86
 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
87
87
 	struct key *key;
88
-	int ret = -ENOMEM;
88
+	int ret;
89
89
 
90
90
 	if (siglen <= sizeof(*hdr))
91
91
 		return -EBADMSG;
..
..
@@ -104,8 +104,24 @@
104
104
 
105
105
 	memset(&pks, 0, sizeof(pks));
106
106
 
107
-	pks.pkey_algo = "rsa";
108
107
 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
108
+	switch (hdr->hash_algo) {
109
+	case HASH_ALGO_STREEBOG_256:
110
+	case HASH_ALGO_STREEBOG_512:
111
+		/* EC-RDSA and Streebog should go together. */
112
+		pks.pkey_algo = "ecrdsa";
113
+		pks.encoding = "raw";
114
+		break;
115
+	case HASH_ALGO_SM3_256:
116
+		/* SM2 and SM3 should go together. */
117
+		pks.pkey_algo = "sm2";
118
+		pks.encoding = "raw";
119
+		break;
120
+	default:
121
+		pks.pkey_algo = "rsa";
122
+		pks.encoding = "pkcs1";
123
+		break;
124
+	}
109
125
 	pks.digest = (u8 *)data;
110
126
 	pks.digest_size = datalen;
111
127
 	pks.s = hdr->sig;