
MODSIGN: Fix handling CMS_final return code

Message ID YV3qxiznqGoOyIUQ@devvm312.ftw0.facebook.com (mailing list archive)
State New

Commit Message

Sergei Iudin Oct. 6, 2021, 6:28 p.m. UTC
CMS finalisation for signing kernel modules may fail without reporting a
real error, which will lead to appending an empty signature [0],
which could end up with an unbootable or barely bootable kernel if
CONFIG_MODULE_SIG_FORCE is set, and this would not be detected by build
scripts or other automation as the exit code of sign-file would be 0.

Check the return code of CMS_final() with regard to the documentation [1],
which says that CMS_final always returns 0 or 1, where 0 is failure,
while the current code expects it to return -1 in case of error.

[0] https://pastebin.com/DY7SP7b8
[1] https://www.openssl.org/docs/man1.1.0/man3/CMS_final.html

Fixes: bc1c373dd2a5 ("MODSIGN: Provide a utility to append a PKCS#7 signature to a module")
Signed-off-by: Sergei Iudin <tsipa740@gmail.com>
---
 scripts/sign-file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index fbd34b8e8f57..2dbfc6e630f4 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -315,7 +315,8 @@  int main(int argc, char **argv)
 				     CMS_NOSMIMECAP | use_keyid |
 				     use_signed_attrs),
 		    "CMS_add1_signer");
-		ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
+		/* CMS_final() returns 1 for success or 0 for failure. */
+		ERR(!CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY),
 		    "CMS_final");
 
 #else
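Review bot: The replaced `< 0` test at the changed ERR() line could never fire, because CMS_final() is documented to return only 1 on success and 0 on failure, so a failed finalisation fell through to writing the (empty) signature with exit status 0; the new `!CMS_final(...)` condition matches that contract and the added comment documents why. Since the hunk shows only this one call site, it is worth auditing the other OpenSSL calls in sign-file.c that follow the same `ERR(... < 0, ...)` idiom against their man pages, as any other 1/0-returning function would have the identical silent-failure problem.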