add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/crypto/asymmetric_keys/pkcs7_verify.c
..
..
@@ -1,12 +1,8 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /* Verify the signature on a PKCS#7 message.
2
3
  *
3
4
  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4
5
  * Written by David Howells (dhowells@redhat.com)
5
- *
6
- * This program is free software; you can redistribute it and/or
7
- * modify it under the terms of the GNU General Public Licence
8
- * as published by the Free Software Foundation; either version
9
- * 2 of the Licence, or (at your option) any later version.
10
6
  */
11
7
 
12
8
 #define pr_fmt(fmt) "PKCS7: "fmt
..
..
@@ -16,6 +12,7 @@
16
12
 #include <linux/err.h>
17
13
 #include <linux/asn1.h>
18
14
 #include <crypto/hash.h>
15
+#include <crypto/hash_info.h>
19
16
 #include <crypto/public_key.h>
20
17
 #include "pkcs7_parser.h"
21
18
 
..
..
@@ -32,6 +29,10 @@
32
29
 	int ret;
33
30
 
34
31
 	kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
32
+
33
+	/* The digest was calculated already. */
34
+	if (sig->digest)
35
+		return 0;
35
36
 
36
37
 	if (!sinfo->sig->hash_algo)
37
38
 		return -ENOPKG;
..
..
@@ -56,7 +57,6 @@
56
57
 		goto error_no_desc;
57
58
 
58
59
 	desc->tfm   = tfm;
59
-	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
60
60
 
61
61
 	/* Digest the message [RFC2315 9.3] */
62
62
 	ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
..
..
@@ -79,16 +79,16 @@
79
79
 		}
80
80
 
81
81
 		if (sinfo->msgdigest_len != sig->digest_size) {
82
-			pr_debug("Sig %u: Invalid digest size (%u)\n",
83
-				 sinfo->index, sinfo->msgdigest_len);
82
+			pr_warn("Sig %u: Invalid digest size (%u)\n",
83
+				sinfo->index, sinfo->msgdigest_len);
84
84
 			ret = -EBADMSG;
85
85
 			goto error;
86
86
 		}
87
87
 
88
88
 		if (memcmp(sig->digest, sinfo->msgdigest,
89
89
 			   sinfo->msgdigest_len) != 0) {
90
-			pr_debug("Sig %u: Message digest doesn't match\n",
91
-				 sinfo->index);
90
+			pr_warn("Sig %u: Message digest doesn't match\n",
91
+				sinfo->index);
92
92
 			ret = -EKEYREJECTED;
93
93
 			goto error;
94
94
 		}
..
..
@@ -120,6 +120,34 @@
120
120
 	crypto_free_shash(tfm);
121
121
 	kleave(" = %d", ret);
122
122
 	return ret;
123
+}
124
+
125
+int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
126
+		     enum hash_algo *hash_algo)
127
+{
128
+	struct pkcs7_signed_info *sinfo = pkcs7->signed_infos;
129
+	int i, ret;
130
+
131
+	/*
132
+	 * This function doesn't support messages with more than one signature.
133
+	 */
134
+	if (sinfo == NULL || sinfo->next != NULL)
135
+		return -EBADMSG;
136
+
137
+	ret = pkcs7_digest(pkcs7, sinfo);
138
+	if (ret)
139
+		return ret;
140
+
141
+	*buf = sinfo->sig->digest;
142
+	*len = sinfo->sig->digest_size;
143
+
144
+	for (i = 0; i < HASH_ALGO__LAST; i++)
145
+		if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
146
+			*hash_algo = i;
147
+			break;
148
+		}
149
+
150
+	return 0;
123
151
 }
124
152
 
125
153
 /*
..
..
@@ -460,7 +488,7 @@
460
488
 			       const void *data, size_t datalen)
461
489
 {
462
490
 	if (pkcs7->data) {
463
-		pr_debug("Data already supplied\n");
491
+		pr_warn("Data already supplied\n");
464
492
 		return -EINVAL;
465
493
 	}
466
494
 	pkcs7->data = data;