diff options
| author | David Howells <dhowells@redhat.com> | 2014-07-01 16:02:52 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2014-07-09 14:58:37 +0100 |
| commit | d93f05b21d04eab7ed1a289c7731163641be8dc6 (patch) | |
| tree | b47932f2668b40e65eab8d9f0018670fbd5b7e77 /crypto/asymmetric_keys/verify_pefile.c | |
| parent | d7af7bf33973646356d3e51bdc610cbfa7dd8359 (diff) | |
| download | linux-crypto-d93f05b21d04eab7ed1a289c7731163641be8dc6.tar.gz linux-crypto-d93f05b21d04eab7ed1a289c7731163641be8dc6.zip | |
pefile: Parse the "Microsoft individual code signing" data blob
The PKCS#7 certificate should contain a "Microsoft individual code signing"
data blob as its signed content. This blob contains a digest of the signed
content of the PE binary and the OID of the digest algorithm used (typically
SHA256).
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'crypto/asymmetric_keys/verify_pefile.c')
| -rw-r--r-- | crypto/asymmetric_keys/verify_pefile.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c index 13f3b44b..b975918e 100644 --- a/crypto/asymmetric_keys/verify_pefile.c +++ b/crypto/asymmetric_keys/verify_pefile.c @@ -245,6 +245,13 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen, goto error; } + ret = mscode_parse(&ctx); + if (ret < 0) + goto error; + + pr_debug("Digest: %u [%*ph]\n", + ctx.digest_len, ctx.digest_len, ctx.digest); + ret = -ENOANO; // Not yet complete error: |