*/
int imgverify ( struct image *image, struct image *signature,
const char *name ) {
- size_t len;
- void *data;
+ struct asn1_cursor *data;
struct cms_signature *sig;
struct cms_signer_info *info;
time_t now;
+ int next;
int rc;
/* Mark image as untrusted */
image_untrust ( image );
- /* Copy signature to internal memory */
- len = signature->len;
- data = malloc ( len );
- if ( ! data ) {
- rc = -ENOMEM;
- goto err_alloc;
+ /* Get raw signature data */
+ next = image_asn1 ( signature, 0, &data );
+ if ( next < 0 ) {
+ rc = next;
+ goto err_asn1;
}
- copy_from_user ( data, signature->data, 0, len );
/* Parse signature */
- if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
+ if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 )
goto err_parse;
- /* Free internal copy of signature */
+ /* Free raw signature data */
free ( data );
data = NULL;
cms_put ( sig );
err_parse:
free ( data );
- err_alloc:
+ err_asn1:
syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
image->name, strerror ( rc ) );
return rc;
projects / thirdparty / ipxe.git / commitdiff
