From patchwork Wed Jan 19 00:54:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 533314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FCE2C433F5 for ; Wed, 19 Jan 2022 00:55:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350557AbiASAzT (ORCPT ); Tue, 18 Jan 2022 19:55:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350548AbiASAzN (ORCPT ); Tue, 18 Jan 2022 19:55:13 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B883C06161C; Tue, 18 Jan 2022 16:55:13 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C84A7B81885; Wed, 19 Jan 2022 00:55:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 72FA0C340E1; Wed, 19 Jan 2022 00:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642553710; bh=rb+O0SIqp5Z+z4HFDmDXdb3wb/csapN78484TLCkbEo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WrwzqAn45h5H8EoZrU+sYvnvTIsMpejx2elue6SRy7hjIZyg9it3DAdaR8VTPGU2N 5wfHnan0T1+IW96JirohnexP25H203aNGwoHQrcf35o4lFgEHIkal6lFqTXBDWEQs7 ydKrk1fddFpzYdE6HqcXCIPrw6MzhZDQSHWnkMpNfWlvb5gGH3oOaZzScL/MXIw/9f d6QZU9/bacWaCBaAoj1prPB/QFVA6bUIAFC7z/ZhtUPRFrCQ8fZTQ/tlLzuj9m+ph0 WbWJH4D4mzsNq+57IxMYjHB23npn/gMDsVFb9uJT1x6poKDNHGr4shY5SxrPirHakg axDWTdjP/QlaQ== From: Eric Biggers To: keyrings@vger.kernel.org, David Howells , Jarkko Sakkinen Cc: linux-crypto@vger.kernel.org Subject: [PATCH v2 1/4] KEYS: x509: clearly distinguish between key and signature algorithms Date: Tue, 18 Jan 2022 16:54:33 -0800 Message-Id: <20220119005436.119072-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220119005436.119072-1-ebiggers@kernel.org> References: <20220119005436.119072-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Eric Biggers An X.509 certificate has two, potentially different public key algorithms: the one used by the certificate's key, and the one that was used to sign the certificate. Some of the naming made it unclear which algorithm was meant. Rename things appropriately: - x509_note_pkey_algo() => x509_note_sig_algo() - algo_oid => sig_algo Acked-by: Jarkko Sakkinen Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/x509.asn1 | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 32 +++++++++++++---------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1 index 5c9f4e4a52310..92d59c32f96a8 100644 --- a/crypto/asymmetric_keys/x509.asn1 +++ b/crypto/asymmetric_keys/x509.asn1 @@ -7,7 +7,7 @@ Certificate ::= SEQUENCE { TBSCertificate ::= SEQUENCE { version [ 0 ] Version DEFAULT, serialNumber CertificateSerialNumber ({ x509_note_serial }), - signature AlgorithmIdentifier ({ x509_note_pkey_algo }), + signature AlgorithmIdentifier ({ x509_note_sig_algo }), issuer Name ({ x509_note_issuer }), validity Validity, subject Name ({ x509_note_subject }), diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 083405eb80c32..aec2396a7f7e1 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -24,9 +24,9 @@ struct x509_parse_context { size_t key_size; /* Size of key data */ const void *params; /* Key parameters */ size_t params_size; /* Size of key parameters */ - enum OID key_algo; /* Public key algorithm */ + enum OID key_algo; /* Algorithm used by the cert's key */ enum OID last_oid; /* Last OID encountered */ - enum OID algo_oid; /* Algorithm OID */ + enum OID sig_algo; /* Algorithm used to sign the cert */ unsigned char nr_mpi; /* Number of MPIs stored */ u8 o_size; /* Size of organizationName (O) */ u8 cn_size; /* Size of commonName (CN) */ @@ -187,11 +187,10 @@ int x509_note_tbs_certificate(void *context, size_t hdrlen, } /* - * Record the public key algorithm + * Record the algorithm that was used to sign this certificate. */ -int x509_note_pkey_algo(void *context, size_t hdrlen, - unsigned char tag, - const void *value, size_t vlen) +int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { struct x509_parse_context *ctx = context; @@ -263,22 +262,22 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, rsa_pkcs1: ctx->cert->sig->pkey_algo = "rsa"; ctx->cert->sig->encoding = "pkcs1"; - ctx->algo_oid = ctx->last_oid; + ctx->sig_algo = ctx->last_oid; return 0; ecrdsa: ctx->cert->sig->pkey_algo = "ecrdsa"; ctx->cert->sig->encoding = "raw"; - ctx->algo_oid = ctx->last_oid; + ctx->sig_algo = ctx->last_oid; return 0; sm2: ctx->cert->sig->pkey_algo = "sm2"; ctx->cert->sig->encoding = "raw"; - ctx->algo_oid = ctx->last_oid; + ctx->sig_algo = ctx->last_oid; return 0; ecdsa: ctx->cert->sig->pkey_algo = "ecdsa"; ctx->cert->sig->encoding = "x962"; - ctx->algo_oid = ctx->last_oid; + ctx->sig_algo = ctx->last_oid; return 0; } @@ -291,11 +290,16 @@ int x509_note_signature(void *context, size_t hdrlen, { struct x509_parse_context *ctx = context; - pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); + pr_debug("Signature: alg=%u, size=%zu\n", ctx->last_oid, vlen); - if (ctx->last_oid != ctx->algo_oid) { - pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", - ctx->algo_oid, ctx->last_oid); + /* + * In X.509 certificates, the signature's algorithm is stored in two + * places: inside the TBSCertificate (the data that is signed), and + * alongside the signature. These *must* match. + */ + if (ctx->last_oid != ctx->sig_algo) { + pr_warn("signatureAlgorithm (%u) differs from tbsCertificate.signature (%u)\n", + ctx->last_oid, ctx->sig_algo); return -EINVAL; } From patchwork Wed Jan 19 00:54:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 533315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 21970C433FE for ; Wed, 19 Jan 2022 00:55:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350544AbiASAzQ (ORCPT ); Tue, 18 Jan 2022 19:55:16 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:48998 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235175AbiASAzL (ORCPT ); Tue, 18 Jan 2022 19:55:11 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 759BF614E5; Wed, 19 Jan 2022 00:55:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B995FC340E8; Wed, 19 Jan 2022 00:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642553710; bh=Q3aJjH/E5Ajrhe5cHzf5q8Q185H2+XYtPfYn3TlUhao=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rJiChSl2hY594sx4tqxqlxlZFtn7enUiXnwMhInGpHax5iILZO8wKMqehJIgtarUZ D9cTwSLU5T+gGMnEJKsV+iC/Zxl3psEYKNG/tlA0hTnWwDje/grU4b5AFbO07LXGFL ee+zO+ngocqNDn8Ra0Hrs0Xc3H1PwYTb0NHQMaDGCD4LFjVgm7lTC/L2Lj/OEE1t5z YURRrZzX6N8WTOj3bQZRTrLjHKOrHegCrqppbtKtgZ+GSW6FaRYk03IUoomK7YhOkq nJaCfDEEZdjoCrvzFQnWeJIHSqBYnYZsaEdF67SLCLmsxc/l4zn1DOVGYiQRDeMtJU M/SLX/FMjg/+Q== From: Eric Biggers To: keyrings@vger.kernel.org, David Howells , Jarkko Sakkinen Cc: linux-crypto@vger.kernel.org Subject: [PATCH v2 2/4] KEYS: x509: remove unused fields Date: Tue, 18 Jan 2022 16:54:34 -0800 Message-Id: <20220119005436.119072-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220119005436.119072-1-ebiggers@kernel.org> References: <20220119005436.119072-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Eric Biggers Remove unused fields from struct x509_parse_context. Acked-by: Jarkko Sakkinen Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/x509_cert_parser.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index aec2396a7f7e1..2899ed80bb18e 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -19,7 +19,6 @@ struct x509_parse_context { struct x509_certificate *cert; /* Certificate being constructed */ unsigned long data; /* Start of data */ - const void *cert_start; /* Start of cert content */ const void *key; /* Key data */ size_t key_size; /* Size of key data */ const void *params; /* Key parameters */ @@ -27,7 +26,6 @@ struct x509_parse_context { enum OID key_algo; /* Algorithm used by the cert's key */ enum OID last_oid; /* Last OID encountered */ enum OID sig_algo; /* Algorithm used to sign the cert */ - unsigned char nr_mpi; /* Number of MPIs stored */ u8 o_size; /* Size of organizationName (O) */ u8 cn_size; /* Size of commonName (CN) */ u8 email_size; /* Size of emailAddress */ From patchwork Wed Jan 19 00:54:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 533896 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 208FAC433EF for ; Wed, 19 Jan 2022 00:55:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235175AbiASAzS (ORCPT ); Tue, 18 Jan 2022 19:55:18 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:49004 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350545AbiASAzM (ORCPT ); Tue, 18 Jan 2022 19:55:12 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BEB31614E4; Wed, 19 Jan 2022 00:55:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0BE05C340EA; Wed, 19 Jan 2022 00:55:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642553711; bh=c6nxup02wo4kbjZY5kfEfTNilIzfWZTaoih85IwJlHo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FWB864auFXPuCsZyfWwdpxb7vC+leRw/FXZP8WK6Cv6ZG8HcjLj8ZLm7cccxeIg0r PWcMa6/3Ji1782p0xwaO0nNmVuv7e9a3CDK5lCo+ujQIXxss6i50tihcX0DrFDU4pc xQSpWrROwjOWQdIGdTRjAv5uu29Ds/R/PdXEjAOoisypu8jiAYGbxk71SGFUzrm/a8 SH6apOEy9nR/j030XXNivW61g7sghj4kNUGZqrn1lhPdHM0bHLqnr1I+JDge/zHrfL xLC0B687KYG9GrWTM1a0hkWLSR8PTD48EORCZmiDLJs0U6KbSOOCSQFq8rp9NsAuQq F+LTrsRLlTJ5A== From: Eric Biggers To: keyrings@vger.kernel.org, David Howells , Jarkko Sakkinen Cc: linux-crypto@vger.kernel.org Subject: [PATCH v2 3/4] KEYS: x509: remove never-set ->unsupported_key flag Date: Tue, 18 Jan 2022 16:54:35 -0800 Message-Id: <20220119005436.119072-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220119005436.119072-1-ebiggers@kernel.org> References: <20220119005436.119072-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Eric Biggers The X.509 parser always sets cert->pub->pkey_algo on success, since x509_extract_key_data() is a mandatory action in the X.509 ASN.1 grammar, and it returns an error if the algorithm is unknown. Thus, remove the dead code which handled this field being NULL. This results in the ->unsupported_key flag never being set, so remove that too. Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/pkcs7_verify.c | 7 ++----- crypto/asymmetric_keys/x509_parser.h | 1 - crypto/asymmetric_keys/x509_public_key.c | 9 --------- 3 files changed, 2 insertions(+), 15 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index 0b4d07aa88111..d37b187faf9ae 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -226,9 +226,6 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, return 0; } - if (x509->unsupported_key) - goto unsupported_crypto_in_x509; - pr_debug("- issuer %s\n", x509->issuer); sig = x509->sig; if (sig->auth_ids[0]) @@ -245,7 +242,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, * authority. */ if (x509->unsupported_sig) - goto unsupported_crypto_in_x509; + goto unsupported_sig_in_x509; x509->signer = x509; pr_debug("- self-signed\n"); return 0; @@ -309,7 +306,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, might_sleep(); } -unsupported_crypto_in_x509: +unsupported_sig_in_x509: /* Just prune the certificate chain at this point if we lack some * crypto module to go further. Note, however, we don't want to set * sinfo->unsupported_crypto as the signed info block may still be diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h index c233f136fb354..da854c94f1115 100644 --- a/crypto/asymmetric_keys/x509_parser.h +++ b/crypto/asymmetric_keys/x509_parser.h @@ -36,7 +36,6 @@ struct x509_certificate { bool seen; /* Infinite recursion prevention */ bool verified; bool self_signed; /* T if self-signed (check unsupported_sig too) */ - bool unsupported_key; /* T if key uses unsupported crypto */ bool unsupported_sig; /* T if signature uses unsupported crypto */ bool blacklisted; }; diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index fe14cae115b51..b03d04d78eb9d 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -33,9 +33,6 @@ int x509_get_sig_params(struct x509_certificate *cert) sig->data = cert->tbs; sig->data_size = cert->tbs_size; - if (!cert->pub->pkey_algo) - cert->unsupported_key = true; - if (!sig->pkey_algo) cert->unsupported_sig = true; @@ -173,12 +170,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) pr_devel("Cert Issuer: %s\n", cert->issuer); pr_devel("Cert Subject: %s\n", cert->subject); - - if (cert->unsupported_key) { - ret = -ENOPKG; - goto error_free_cert; - } - pr_devel("Cert Key Algo: %s\n", cert->pub->pkey_algo); pr_devel("Cert Valid period: %lld-%lld\n", cert->valid_from, cert->valid_to); From patchwork Wed Jan 19 00:54:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 533895 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5557C433EF for ; Wed, 19 Jan 2022 00:55:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350564AbiASAzU (ORCPT ); Tue, 18 Jan 2022 19:55:20 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:58106 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350533AbiASAzP (ORCPT ); Tue, 18 Jan 2022 19:55:15 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B9C5BB8188E; Wed, 19 Jan 2022 00:55:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52697C340EB; Wed, 19 Jan 2022 00:55:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642553711; bh=/lG1k0t1nnY6vmFri6DFzw8Kop4+mL70knGtnCacG9M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=M1cdhU5mlFEk5rOn/70BjBdy6ebQjLLM+yJ1cRBZ6rTDGHu2fxK/0X1mWBbheniDQ YhToZEr+u9SVX4l36OFxJdsSeykmLGvUFInX5hQenqPCBF3TCJrOuCPaCl3eaSfHwT HHD/WHjw//vFR09jTK12ubjsEsgEbM7HSvJVF2iE07qQoGNbP7wvC9FtvrbVx6K9iU yoZE8l8AJGEPdjgVqMgpH186DLkPji017iE7hZpc3S0vI51JDAjDTwn1YretCxKxzb mOl5zQkgwujHMy5CohQLdRPonY6Bb4q/wyF7QeLrcBM6jEkRdfnSntAmwKwwMk3JZy ZjNU3ykJ6Sv8g== From: Eric Biggers To: keyrings@vger.kernel.org, David Howells , Jarkko Sakkinen Cc: linux-crypto@vger.kernel.org Subject: [PATCH v2 4/4] KEYS: x509: remove dead code that set ->unsupported_sig Date: Tue, 18 Jan 2022 16:54:36 -0800 Message-Id: <20220119005436.119072-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220119005436.119072-1-ebiggers@kernel.org> References: <20220119005436.119072-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Eric Biggers The X.509 parser always sets cert->sig->pkey_algo and cert->sig->hash_algo on success, since x509_note_sig_algo() is a mandatory action in the X.509 ASN.1 grammar, and it returns an error if the signature's algorithm is unknown. Thus, remove the dead code which handled these fields being NULL. Acked-by: Jarkko Sakkinen Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/x509_public_key.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index b03d04d78eb9d..8c77a297a82d4 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -33,15 +33,6 @@ int x509_get_sig_params(struct x509_certificate *cert) sig->data = cert->tbs; sig->data_size = cert->tbs_size; - if (!sig->pkey_algo) - cert->unsupported_sig = true; - - /* We check the hash if we can - even if we can't then verify it */ - if (!sig->hash_algo) { - cert->unsupported_sig = true; - return 0; - } - sig->s = kmemdup(cert->raw_sig, cert->raw_sig_size, GFP_KERNEL); if (!sig->s) return -ENOMEM;