From 95099d4622f8cb224d94e314c7a8e0df60b13f87 Mon Sep 17 00:00:00 2001
From: hc <hc@nodka.com>
Date: Sat, 09 Dec 2023 08:38:01 +0000
Subject: [PATCH] enable docker ppp

---
 kernel/crypto/asymmetric_keys/verify_pefile.c |   15 ++++++---------
 1 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/kernel/crypto/asymmetric_keys/verify_pefile.c b/kernel/crypto/asymmetric_keys/verify_pefile.c
index d178650..7553ab1 100644
--- a/kernel/crypto/asymmetric_keys/verify_pefile.c
+++ b/kernel/crypto/asymmetric_keys/verify_pefile.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /* Parse a signed PE binary
  *
  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
  */
 
 #define pr_fmt(fmt) "PEFILE: "fmt
@@ -100,7 +96,7 @@
 
 	if (!ddir->certs.virtual_address || !ddir->certs.size) {
 		pr_debug("Unsigned PE binary\n");
-		return -EKEYREJECTED;
+		return -ENODATA;
 	}
 
 	chkaddr(ctx->header_size, ddir->certs.virtual_address,
@@ -354,7 +350,6 @@
 		goto error_no_desc;
 
 	desc->tfm   = tfm;
-	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 	ret = crypto_shash_init(desc);
 	if (ret < 0)
 		goto error;
@@ -381,7 +376,7 @@
 	}
 
 error:
-	kzfree(desc);
+	kfree_sensitive(desc);
 error_no_desc:
 	crypto_free_shash(tfm);
 	kleave(" = %d", ret);
@@ -407,6 +402,8 @@
  *
  *  (*) 0 if at least one signature chain intersects with the keys in the trust
  *	keyring, or:
+ *
+ *  (*) -ENODATA if there is no signature present.
  *
  *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
  *	chain.
@@ -450,6 +447,6 @@
 	ret = pefile_digest_pe(pebuf, pelen, &ctx);
 
 error:
-	kzfree(ctx.digest);
+	kfree_sensitive(ctx.digest);
 	return ret;
 }

--
Gitblit v1.6.2