~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,12 +1,8 @@
	1	+// SPDX-License-Identifier: GPL-2.0-or-later
1	2	/* Parse a signed PE binary
2	3	*
3	4	* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
4	5	* Written by David Howells (dhowells@redhat.com)
5		- *
6		- * This program is free software; you can redistribute it and/or
7		- * modify it under the terms of the GNU General Public Licence
8		- * as published by the Free Software Foundation; either version
9		- * 2 of the Licence, or (at your option) any later version.
10	6	*/
11	7
12	8	#define pr_fmt(fmt) "PEFILE: "fmt
..	..	@@ -100,7 +96,7 @@
100	96
101	97	if (!ddir->certs.virtual_address \|\| !ddir->certs.size) {
102	98	pr_debug("Unsigned PE binary\n");
103		- return -EKEYREJECTED;
	99	+ return -ENODATA;
104	100	}
105	101
106	102	chkaddr(ctx->header_size, ddir->certs.virtual_address,
..	..	@@ -354,7 +350,6 @@
354	350	goto error_no_desc;
355	351
356	352	desc->tfm = tfm;
357		- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
358	353	ret = crypto_shash_init(desc);
359	354	if (ret < 0)
360	355	goto error;
..	..	@@ -381,7 +376,7 @@
381	376	}
382	377
383	378	error:
384		- kzfree(desc);
	379	+ kfree_sensitive(desc);
385	380	error_no_desc:
386	381	crypto_free_shash(tfm);
387	382	kleave(" = %d", ret);
..	..	@@ -407,6 +402,8 @@
407	402	*
408	403	* (*) 0 if at least one signature chain intersects with the keys in the trust
409	404	* keyring, or:
	405	+ *
	406	+ * (*) -ENODATA if there is no signature present.
410	407	*
411	408	* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
412	409	* chain.
..	..	@@ -450,6 +447,6 @@
450	447	ret = pefile_digest_pe(pebuf, pelen, &ctx);
451	448
452	449	error:
453		- kzfree(ctx.digest);
	450	+ kfree_sensitive(ctx.digest);
454	451	return ret;
455	452	}