-rw-r--r--src/hci/commands/image_trust_cmd.c1
-rw-r--r--src/usr/imgtrust.c22
2 files changed, 11 insertions, 12 deletions
diff --git a/src/hci/commands/image_trust_cmd.c b/src/hci/commands/image_trust_cmd.c
index f9d6b5b3..03e3e443 100644
--- a/src/hci/commands/image_trust_cmd.c
+++ b/src/hci/commands/image_trust_cmd.c
@@ -181,3 +181,4 @@ REQUIRE_OBJECT ( rsa );
REQUIRE_OBJECT ( md5 );
REQUIRE_OBJECT ( sha1 );
REQUIRE_OBJECT ( sha256 );
+REQUIRE_OBJECT ( der );
diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c
index a269833a..595ea6b2 100644
--- a/src/usr/imgtrust.c
+++ b/src/usr/imgtrust.c
@@ -50,30 +50,28 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*/
int imgverify ( struct image *image, struct image *signature,
const char *name ) {
- size_t len;
- void *data;
+ struct asn1_cursor *data;
struct cms_signature *sig;
struct cms_signer_info *info;
time_t now;
+ int next;
int rc;
/* Mark image as untrusted */
image_untrust ( image );
- /* Copy signature to internal memory */
- len = signature->len;
- data = malloc ( len );
- if ( ! data ) {
- rc = -ENOMEM;
- goto err_alloc;
+ /* Get raw signature data */
+ next = image_asn1 ( signature, 0, &data );
+ if ( next < 0 ) {
+ rc = next;
+ goto err_asn1;
}
- copy_from_user ( data, signature->data, 0, len );
/* Parse signature */
- if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
+ if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 )
goto err_parse;
- /* Free internal copy of signature */
+ /* Free raw signature data */
free ( data );
data = NULL;
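Review bot: The non-negative result of `image_asn1 ( signature, 0, &data )` is stored in `next` but only tested for `< 0`, so its value is never used once the call succeeds. If it is the offset of a following object, as the name suggests (confirm against image_asn1()), any bytes in the signature image after the first ASN.1 object are now silently ignored, whereas the old code handed all of `signature->len` to cms_signature(). I would state that policy at the call with a comment such as `/* Only the first ASN.1 object is used; trailing data in the signature image is ignored */`. If trailing data should instead be rejected, compare `next` with `signature->len` before parsing. The body of imgverify() continues beyond this hunk.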
@@ -107,7 +105,7 @@ int imgverify ( struct image *image, struct image *signature,
cms_put ( sig );
err_parse:
free ( data );
- err_alloc:
+ err_asn1:
syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
image->name, strerror ( rc ) );
return rc;