diff options
-rw-r--r-- | src/hci/commands/image_trust_cmd.c | 1 | ||||
-rw-r--r-- | src/usr/imgtrust.c | 22 |
2 files changed, 11 insertions, 12 deletions
diff --git a/src/hci/commands/image_trust_cmd.c b/src/hci/commands/image_trust_cmd.c index f9d6b5b3..03e3e443 100644 --- a/src/hci/commands/image_trust_cmd.c +++ b/src/hci/commands/image_trust_cmd.c @@ -181,3 +181,4 @@ REQUIRE_OBJECT ( rsa ); REQUIRE_OBJECT ( md5 ); REQUIRE_OBJECT ( sha1 ); REQUIRE_OBJECT ( sha256 ); +REQUIRE_OBJECT ( der ); diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c index a269833a..595ea6b2 100644 --- a/src/usr/imgtrust.c +++ b/src/usr/imgtrust.c @@ -50,30 +50,28 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); */ int imgverify ( struct image *image, struct image *signature, const char *name ) { - size_t len; - void *data; + struct asn1_cursor *data; struct cms_signature *sig; struct cms_signer_info *info; time_t now; + int next; int rc; /* Mark image as untrusted */ image_untrust ( image ); - /* Copy signature to internal memory */ - len = signature->len; - data = malloc ( len ); - if ( ! data ) { - rc = -ENOMEM; - goto err_alloc; + /* Get raw signature data */ + next = image_asn1 ( signature, 0, &data ); + if ( next < 0 ) { + rc = next; + goto err_asn1; } - copy_from_user ( data, signature->data, 0, len ); /* Parse signature */ - if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 ) + if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 ) goto err_parse; - /* Free internal copy of signature */ + /* Free raw signature data */ free ( data ); data = NULL; @@ -107,7 +105,7 @@ int imgverify ( struct image *image, struct image *signature, cms_put ( sig ); err_parse: free ( data ); - err_alloc: + err_asn1: syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n", image->name, strerror ( rc ) ); return rc; |