
Commit 4ded3bec authored by James Morris's avatar James Morris

Merge tag 'keys-fixes-20171208' of...

Merge tag 'keys-fixes-20171208' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into keys-for-linus

Assorted fixes for keyrings, ASN.1, X.509 and PKCS#7.
parents f335195a 54c1fb39
+3 −1
@@ -148,8 +148,10 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
	}
	}


	ret = pkcs7_check_authattrs(ctx->msg);
	ret = pkcs7_check_authattrs(ctx->msg);
	if (ret < 0)
	if (ret < 0) {
		msg = ERR_PTR(ret);
		goto out;
		goto out;
	}


	msg = ctx->msg;
	msg = ctx->msg;
	ctx->msg = NULL;
	ctx->msg = NULL;
+1 −1
@@ -69,7 +69,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
		 /* Self-signed certificates form roots of their own, and if we
		 /* Self-signed certificates form roots of their own, and if we
		  * don't know them, then we can't accept them.
		  * don't know them, then we can't accept them.
		  */
		  */
		if (x509->next == x509) {
		if (x509->signer == x509) {
			kleave(" = -ENOKEY [unknown self-signed]");
			kleave(" = -ENOKEY [unknown self-signed]");
			return -ENOKEY;
			return -ENOKEY;
		}
		}
+3 −6
@@ -59,10 +59,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;


	/* Digest the message [RFC2315 9.3] */
	/* Digest the message [RFC2315 9.3] */
	ret = crypto_shash_init(desc);
	ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
	if (ret < 0)
		goto error;
	ret = crypto_shash_finup(desc, pkcs7->data, pkcs7->data_len,
				  sig->digest);
				  sig->digest);
	if (ret < 0)
	if (ret < 0)
		goto error;
		goto error;
@@ -150,7 +147,7 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7,
		pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
		pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
			 sinfo->index, certix);
			 sinfo->index, certix);


		if (x509->pub->pkey_algo != sinfo->sig->pkey_algo) {
		if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
			pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
			pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
				sinfo->index);
				sinfo->index);
			continue;
			continue;
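Review bot: The new `strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0` test in pkcs7_find_key dereferences both strings, so it depends on neither pointer being NULL, which the old pointer comparison did not require. Neither assignment is visible in this section, so that invariant should be confirmed for every parse path, or guarded with `if (!x509->pub->pkey_algo || !sinfo->sig->pkey_algo || strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {`. A one-line comment such as `/* Algorithm names are strings set by separate parsers; compare by content, not address. */` would record why the comparison is by value. The enclosing loop starts and continues outside the hunk.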
+5 −2
@@ -73,7 +73,7 @@ int public_key_verify_signature(const struct public_key *pkey,
	char alg_name_buf[CRYPTO_MAX_ALG_NAME];
	char alg_name_buf[CRYPTO_MAX_ALG_NAME];
	void *output;
	void *output;
	unsigned int outlen;
	unsigned int outlen;
	int ret = -ENOMEM;
	int ret;


	pr_devel("==>%s()\n", __func__);
	pr_devel("==>%s()\n", __func__);


@@ -99,6 +99,7 @@ int public_key_verify_signature(const struct public_key *pkey,
	if (IS_ERR(tfm))
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);
		return PTR_ERR(tfm);


	ret = -ENOMEM;
	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	if (!req)
	if (!req)
		goto error_free_tfm;
		goto error_free_tfm;
@@ -127,7 +128,7 @@ int public_key_verify_signature(const struct public_key *pkey,
	 * signature and returns that to us.
	 * signature and returns that to us.
	 */
	 */
	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
	if (ret < 0)
	if (ret)
		goto out_free_output;
		goto out_free_output;


	/* Do the actual verification step. */
	/* Do the actual verification step. */
@@ -142,6 +143,8 @@ int public_key_verify_signature(const struct public_key *pkey,
error_free_tfm:
error_free_tfm:
	crypto_free_akcipher(tfm);
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	pr_devel("<==%s() = %d\n", __func__, ret);
	if (WARN_ON_ONCE(ret > 0))
		ret = -EINVAL;
	return ret;
	return ret;
}
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);
EXPORT_SYMBOL_GPL(public_key_verify_signature);
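Review bot: The exit-path clamp `if (WARN_ON_ONCE(ret > 0)) ret = -EINVAL;` carries no comment saying why a positive value must not escape, and it sits after the `pr_devel("<==%s() = %d\n", __func__, ret);` trace, so the trace reports the un-clamped value rather than the one actually returned. I would move the two lines above the pr_devel and add a comment like `/* Never return > 0: a caller that only tests ret < 0 would treat it as a verified signature. */`; that caller behaviour is inferred, not shown on this page. The same comment would explain the `if (ret)` test after crypto_wait_req() in the earlier hunk. Only parts of public_key_verify_signature are visible across these hunks.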
+2 −0
@@ -409,6 +409,8 @@ int x509_extract_key_data(void *context, size_t hdrlen,
	ctx->cert->pub->pkey_algo = "rsa";
	ctx->cert->pub->pkey_algo = "rsa";


	/* Discard the BIT STRING metadata */
	/* Discard the BIT STRING metadata */
	if (vlen < 1 || *(const u8 *)value != 0)
		return -EBADMSG;
	ctx->key = value + 1;
	ctx->key = value + 1;
	ctx->key_size = vlen - 1;
	ctx->key_size = vlen - 1;
	return 0;
	return 0;
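Review bot: The added `if (vlen < 1 || *(const u8 *)value != 0)` check in x509_extract_key_data is left under the old comment "Discard the BIT STRING metadata", which does not say what the first octet is or why it is now validated. Suggest replacing that comment with `/* The first octet of a BIT STRING is the unused-bits count: it must be present and zero, so the key is whole octets and vlen - 1 cannot underflow. */`. Also note that `ctx->cert->pub->pkey_algo = "rsa";` is assigned before the check, so the field stays set on the -EBADMSG path. That looks harmless if the caller discards the certificate on error, but the caller is not visible here. The function begins outside the hunk.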