lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

commit: f2d87ffcf112ccbc483727d7d65c0326894f8949 [log] [tgz]
author: AKASHI Takahiro <takahiro.akashi@linaro.org> Tue Jul 21 19:35:21 2020 +0900
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Wed Jul 22 12:37:17 2020 +0200
tree: bb1fb5d8a2f4165b015201d7803cc530368cced4
parent: 0cad19190c8a25efc9dd796cedd2849b8c667285 [diff] [blame]
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 8f5c8a7..ca35df2 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h

@@ -27,7 +27,14 @@
 				  const void **_data, size_t *_datalen,
 				  size_t *_headerlen);
 
-#ifndef __UBOOT__
+#ifdef __UBOOT__
+struct pkcs7_signed_info;
+struct x509_certificate;
+
+int pkcs7_verify_one(struct pkcs7_message *pkcs7,
+		     struct pkcs7_signed_info *sinfo,
+		     struct x509_certificate **signer);
+#else
 /*
  * pkcs7_trust.c
  */
commit	f2d87ffcf112ccbc483727d7d65c0326894f8949	[log] [tgz]
author	AKASHI Takahiro <takahiro.akashi@linaro.org>	Tue Jul 21 19:35:21 2020 +0900
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Wed Jul 22 12:37:17 2020 +0200
tree	bb1fb5d8a2f4165b015201d7803cc530368cced4
parent	0cad19190c8a25efc9dd796cedd2849b8c667285 [diff] [blame]