signature: do not report wrong data for pkc#7 signature

when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.

The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.

The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>

diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index ee420f4..889f264 100644 (file)
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
        struct kmod_elf *elf;
        char **strings;
        int i, count, ret = -ENOMEM;
-       struct kmod_signature_info sig_info;
+       struct kmod_signature_info sig_info = {};
 
        if (mod == NULL || list == NULL)
                return -ENOENT;

diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 1f3e26d..429ffbd 100644 (file)
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -92,6 +92,38 @@ struct module_signature {
        uint32_t sig_len;    /* Length of signature data (big endian) */
 };
 
+static bool fill_default(const char *mem, off_t size,
+                        const struct module_signature *modsig, size_t sig_len,
+                        struct kmod_signature_info *sig_info)
+{
+       size -= sig_len;
+       sig_info->sig = mem + size;
+       sig_info->sig_len = sig_len;
+
+       size -= modsig->key_id_len;
+       sig_info->key_id = mem + size;
+       sig_info->key_id_len = modsig->key_id_len;
+
+       size -= modsig->signer_len;
+       sig_info->signer = mem + size;
+       sig_info->signer_len = modsig->signer_len;
+
+       sig_info->algo = pkey_algo[modsig->algo];
+       sig_info->hash_algo = pkey_hash_algo[modsig->hash];
+       sig_info->id_type = pkey_id_type[modsig->id_type];
+
+       return true;
+}
+
+static bool fill_unknown(const char *mem, off_t size,
+                        const struct module_signature *modsig, size_t sig_len,
+                        struct kmod_signature_info *sig_info)
+{
+       sig_info->hash_algo = "unknown";
+       sig_info->id_type = pkey_id_type[modsig->id_type];
+       return true;
+}
+
 #define SIG_MAGIC "~Module signature appended~\n"
 
 /*
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
        const struct module_signature *modsig;
        size_t sig_len;
 
-
        size = kmod_file_get_size(file);
        mem = kmod_file_get_contents(file);
        if (size < (off_t)strlen(SIG_MAGIC))
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
            size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
                return false;
 
-       size -= sig_len;
-       sig_info->sig = mem + size;
-       sig_info->sig_len = sig_len;
-
-       size -= modsig->key_id_len;
-       sig_info->key_id = mem + size;
-       sig_info->key_id_len = modsig->key_id_len;
-
-       size -= modsig->signer_len;
-       sig_info->signer = mem + size;
-       sig_info->signer_len = modsig->signer_len;
-
-       sig_info->algo = pkey_algo[modsig->algo];
-       sig_info->hash_algo = pkey_hash_algo[modsig->hash];
-       sig_info->id_type = pkey_id_type[modsig->id_type];
-
-       return true;
+       switch (modsig->id_type) {
+       case PKEY_ID_PKCS7:
+               return fill_unknown(mem, size, modsig, sig_len, sig_info);
+       default:
+               return fill_default(mem, size, modsig, sig_len, sig_info);
+       }
 }