From f978aa2443a891c18a301c2a4a5542ed0b5b7091 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:40 +0000
Subject: [PATCH 23/28] pefile: Parse the presumed PKCS#7 content of the
 certificate blob

Parse the content of the certificate blob, presuming it to be PKCS#7 format.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/kernel/pefile_parser.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Index: linux-2.6/arch/x86/kernel/pefile_parser.c
===================================================================
--- linux-2.6.orig/arch/x86/kernel/pefile_parser.c	2014-06-17 09:14:30.281973736 -0400
+++ linux-2.6/arch/x86/kernel/pefile_parser.c	2014-06-17 09:14:46.773974708 -0400
@@ -185,6 +185,7 @@ static int pefile_parse_binary(const voi
  */
 int pefile_parse_verify_sig(const void *pebuf, unsigned int pelen)
 {
+	void *pkcs7;
 	struct pefile_context ctx;
 	int ret;
 
@@ -199,5 +200,14 @@ int pefile_parse_verify_sig(const void *
 	if (ret < 0)
 		return ret;
 
-	return -ENOANO; // Not yet complete
+	pkcs7 = pkcs7_parse_message(pebuf + ctx.sig_offset, ctx.sig_len);
+	if (IS_ERR(pkcs7))
+		return PTR_ERR(pkcs7);
+	ctx.pkcs7 = pkcs7;
+
+	ret = -ENOANO; // Not yet complete
+
+error:
+	pkcs7_free_message(ctx.pkcs7);
+	return ret;
 }