diff mbox series

[v2,03/17] efi_loader: signature: replace debug to EFI_PRINT

Message ID 20200609050947.17861-4-takahiro.akashi@linaro.org
State Accepted
Commit 3e9019d4816945f7448e0182f9e5466385503345
Headers show
Series efi_loader: rework/improve UEFI secure boot code | expand

Commit Message

AKASHI Takahiro June 9, 2020, 5:09 a.m. UTC
Just for style consistency, replace all the uses of debug to
EFI_PRINT in efi_signature.c

Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
 lib/efi_loader/efi_signature.c | 121 +++++++++++++++++----------------
 1 file changed, 62 insertions(+), 59 deletions(-)
diff mbox series

Patch

diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index be6491c6e255..a05c75472721 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -43,14 +43,14 @@  static bool efi_hash_regions(struct efi_image_regions *regs, void **hash,
 	*size = 0;
 	*hash = calloc(1, SHA256_SUM_LEN);
 	if (!*hash) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		return false;
 	}
 	*size = SHA256_SUM_LEN;
 
 	hash_calculate("sha256", regs->reg, regs->num, *hash);
 #ifdef DEBUG
-	debug("hash calculated:\n");
+	EFI_PRINT("hash calculated:\n");
 	print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
 		       *hash, SHA256_SUM_LEN, false);
 #endif
@@ -76,7 +76,7 @@  static bool efi_hash_msg_content(struct pkcs7_message *msg, void **hash,
 	*size = 0;
 	*hash = calloc(1, SHA256_SUM_LEN);
 	if (!*hash) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		free(msg);
 		return false;
 	}
@@ -87,7 +87,7 @@  static bool efi_hash_msg_content(struct pkcs7_message *msg, void **hash,
 
 	hash_calculate("sha256", &regtmp, 1, *hash);
 #ifdef DEBUG
-	debug("hash calculated based on contentInfo:\n");
+	EFI_PRINT("hash calculated based on contentInfo:\n");
 	print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
 		       *hash, SHA256_SUM_LEN, false);
 #endif
@@ -120,8 +120,8 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 	char c;
 	bool verified;
 
-	debug("%s: Enter, %p, %p, %p(issuer: %s, subject: %s)\n", __func__,
-	      regs, ps_info, cert, cert->issuer, cert->subject);
+	EFI_PRINT("%s: Enter, %p, %p, %p(issuer: %s, subject: %s)\n", __func__,
+		  regs, ps_info, cert, cert->issuer, cert->subject);
 
 	verified = false;
 
@@ -139,7 +139,8 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 		info.checksum = image_get_checksum_algo("sha256,rsa2048");
 		info.name = "sha256,rsa2048";
 	} else {
-		debug("unknown msg digest algo: %s\n", ps_info->sig->hash_algo);
+		EFI_PRINT("unknown msg digest algo: %s\n",
+			  ps_info->sig->hash_algo);
 		goto out;
 	}
 	info.crypto = image_get_crypto_algo(info.name);
@@ -148,21 +149,22 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 	info.keylen = cert->pub->keylen;
 
 	/* verify signature */
-	debug("%s: crypto: %s, signature len:%x\n", __func__,
-	      info.name, ps_info->sig->s_size);
+	EFI_PRINT("%s: crypto: %s, signature len:%x\n", __func__,
+		  info.name, ps_info->sig->s_size);
 	if (ps_info->aa_set & (1UL << sinfo_has_message_digest)) {
-		debug("%s: RSA verify authentication attribute\n", __func__);
+		EFI_PRINT("%s: RSA verify authentication attribute\n",
+			  __func__);
 		/*
 		 * NOTE: This path will be executed only for
 		 * PE image authentication
 		 */
 
 		/* check if hash matches digest first */
-		debug("checking msg digest first, len:0x%x\n",
-		      ps_info->msgdigest_len);
+		EFI_PRINT("checking msg digest first, len:0x%x\n",
+			  ps_info->msgdigest_len);
 
 #ifdef DEBUG
-		debug("hash in database:\n");
+		EFI_PRINT("hash in database:\n");
 		print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
 			       ps_info->msgdigest, ps_info->msgdigest_len,
 			       false);
@@ -174,14 +176,14 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 				/* for authenticated variable */
 			if (ps_info->msgdigest_len != size ||
 			    memcmp(hash, ps_info->msgdigest, size)) {
-				debug("Digest doesn't match\n");
+				EFI_PRINT("Digest doesn't match\n");
 				free(hash);
 				goto out;
 			}
 
 			free(hash);
 		} else {
-			debug("Digesting image failed\n");
+			EFI_PRINT("Digesting image failed\n");
 			goto out;
 		}
 
@@ -196,7 +198,7 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 				ps_info->sig->s, ps_info->sig->s_size))
 			verified = true;
 	} else {
-		debug("%s: RSA verify content data\n", __func__);
+		EFI_PRINT("%s: RSA verify content data\n", __func__);
 		/* against all data */
 		if (!rsa_verify(&info, regs->reg, regs->num,
 				ps_info->sig->s, ps_info->sig->s_size))
@@ -204,7 +206,7 @@  static bool efi_signature_verify(struct efi_image_regions *regs,
 	}
 
 out:
-	debug("%s: Exit, verified: %d\n", __func__, verified);
+	EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
 	return verified;
 }
 
@@ -234,26 +236,26 @@  bool efi_signature_verify_with_list(struct efi_image_regions *regs,
 	struct efi_sig_data *sig_data;
 	bool verified = false;
 
-	debug("%s: Enter, %p, %p, %p, %p\n", __func__,
-	      regs, signed_info, siglist, valid_cert);
+	EFI_PRINT("%s: Enter, %p, %p, %p, %p\n", __func__,
+		  regs, signed_info, siglist, valid_cert);
 
 	if (!signed_info) {
 		void *hash;
 		size_t size;
 
-		debug("%s: unsigned image\n", __func__);
+		EFI_PRINT("%s: unsigned image\n", __func__);
 		/*
 		 * verify based on calculated hash value
 		 * TODO: support other hash algorithms
 		 */
 		if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
-			debug("Digest algorithm is not supported: %pUl\n",
-			      &siglist->sig_type);
+			EFI_PRINT("Digest algorithm is not supported: %pUl\n",
+				  &siglist->sig_type);
 			goto out;
 		}
 
 		if (!efi_hash_regions(regs, &hash, &size)) {
-			debug("Digesting unsigned image failed\n");
+			EFI_PRINT("Digesting unsigned image failed\n");
 			goto out;
 		}
 
@@ -261,7 +263,7 @@  bool efi_signature_verify_with_list(struct efi_image_regions *regs,
 		for (sig_data = siglist->sig_data_list; sig_data;
 		     sig_data = sig_data->next) {
 #ifdef DEBUG
-			debug("Msg digest in database:\n");
+			EFI_PRINT("Msg digest in database:\n");
 			print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
 				       sig_data->data, sig_data->size, false);
 #endif
@@ -276,10 +278,10 @@  bool efi_signature_verify_with_list(struct efi_image_regions *regs,
 		goto out;
 	}
 
-	debug("%s: signed image\n", __func__);
+	EFI_PRINT("%s: signed image\n", __func__);
 	if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509)) {
-		debug("Signature type is not supported: %pUl\n",
-		      &siglist->sig_type);
+		EFI_PRINT("Signature type is not supported: %pUl\n",
+			  &siglist->sig_type);
 		goto out;
 	}
 
@@ -290,7 +292,7 @@  bool efi_signature_verify_with_list(struct efi_image_regions *regs,
 
 		cert = x509_cert_parse(sig_data->data, sig_data->size);
 		if (IS_ERR(cert)) {
-			debug("Parsing x509 certificate failed\n");
+			EFI_PRINT("Parsing x509 certificate failed\n");
 			goto out;
 		}
 
@@ -307,7 +309,7 @@  bool efi_signature_verify_with_list(struct efi_image_regions *regs,
 	}
 
 out:
-	debug("%s: Exit, verified: %d\n", __func__, verified);
+	EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
 	return verified;
 }
 
@@ -332,7 +334,7 @@  bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs,
 	struct efi_signature_store *siglist;
 	bool verified = false;
 
-	debug("%s: Enter, %p, %p, %p, %p\n", __func__, regs, msg, db, cert);
+	EFI_PRINT("%s: Enter, %p, %p, %p, %p\n", __func__, regs, msg, db, cert);
 
 	if (!db)
 		goto out;
@@ -342,7 +344,7 @@  bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs,
 
 	/* for unsigned image */
 	if (!msg) {
-		debug("%s: Verify unsigned image with db\n", __func__);
+		EFI_PRINT("%s: Verify unsigned image with db\n", __func__);
 		for (siglist = db; siglist; siglist = siglist->next)
 			if (efi_signature_verify_with_list(regs, NULL, NULL,
 							   siglist, cert)) {
@@ -354,10 +356,10 @@  bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs,
 	}
 
 	/* for signed image or variable */
-	debug("%s: Verify signed image with db\n", __func__);
+	EFI_PRINT("%s: Verify signed image with db\n", __func__);
 	for (info = msg->signed_infos; info; info = info->next) {
-		debug("Signed Info: digest algo: %s, pkey algo: %s\n",
-		      info->sig->hash_algo, info->sig->pkey_algo);
+		EFI_PRINT("Signed Info: digest algo: %s, pkey algo: %s\n",
+			  info->sig->hash_algo, info->sig->pkey_algo);
 
 		for (siglist = db; siglist; siglist = siglist->next) {
 			if (efi_signature_verify_with_list(regs, msg, info,
@@ -369,7 +371,7 @@  bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs,
 	}
 
 out:
-	debug("%s: Exit, verified: %d\n", __func__, verified);
+	EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
 	return verified;
 }
 
@@ -401,21 +403,21 @@  static bool efi_search_siglist(struct x509_certificate *cert,
 
 	if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256)) {
 		/* TODO: other hash algos */
-		debug("Certificate's digest type is not supported: %pUl\n",
-		      &siglist->sig_type);
+		EFI_PRINT("Certificate's digest type is not supported: %pUl\n",
+			  &siglist->sig_type);
 		goto out;
 	}
 
 	/* calculate hash of TBSCertificate */
 	msg = calloc(1, SHA256_SUM_LEN);
 	if (!msg) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		goto out;
 	}
 
 	hash = calloc(1, SHA256_SUM_LEN);
 	if (!hash) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		goto out;
 	}
 
@@ -466,7 +468,7 @@  bool efi_signature_verify_cert(struct x509_certificate *cert,
 	time64_t revoc_time;
 	bool found = false;
 
-	debug("%s: Enter, %p, %p\n", __func__, dbx, cert);
+	EFI_PRINT("%s: Enter, %p, %p\n", __func__, dbx, cert);
 
 	if (!cert)
 		return false;
@@ -481,7 +483,7 @@  bool efi_signature_verify_cert(struct x509_certificate *cert,
 		}
 	}
 
-	debug("%s: Exit, verified: %d\n", __func__, !found);
+	EFI_PRINT("%s: Exit, verified: %d\n", __func__, !found);
 	return !found;
 }
 
@@ -502,7 +504,7 @@  bool efi_signature_verify_signers(struct pkcs7_message *msg,
 	struct pkcs7_signed_info *info;
 	bool found = false;
 
-	debug("%s: Enter, %p, %p\n", __func__, msg, dbx);
+	EFI_PRINT("%s: Enter, %p, %p\n", __func__, msg, dbx);
 
 	if (!msg)
 		goto out;
@@ -515,7 +517,7 @@  bool efi_signature_verify_signers(struct pkcs7_message *msg,
 		}
 	}
 out:
-	debug("%s: Exit, verified: %d\n", __func__, !found);
+	EFI_PRINT("%s: Exit, verified: %d\n", __func__, !found);
 	return !found;
 }
 
@@ -540,7 +542,7 @@  efi_status_t efi_image_region_add(struct efi_image_regions *regs,
 	int i, j;
 
 	if (regs->num >= regs->max) {
-		debug("%s: no more room for regions\n", __func__);
+		EFI_PRINT("%s: no more room for regions\n", __func__);
 		return EFI_OUT_OF_RESOURCES;
 	}
 
@@ -557,8 +559,8 @@  efi_status_t efi_image_region_add(struct efi_image_regions *regs,
 
 		if ((start >= reg->data && start < reg->data + reg->size) ||
 		    (end > reg->data && end < reg->data + reg->size)) {
-			debug("%s: new region already part of another\n",
-			      __func__);
+			EFI_PRINT("%s: new region already part of another\n",
+				  __func__);
 			return EFI_INVALID_PARAMETER;
 		}
 
@@ -650,14 +652,14 @@  efi_sigstore_parse_siglist(struct efi_signature_list *esl)
 
 	if (esl->signature_list_size
 			<= (sizeof(*esl) + esl->signature_header_size)) {
-		debug("Siglist in wrong format\n");
+		EFI_PRINT("Siglist in wrong format\n");
 		return NULL;
 	}
 
 	/* Create a head */
 	siglist = calloc(sizeof(*siglist), 1);
 	if (!siglist) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		goto err;
 	}
 	memcpy(&siglist->sig_type, &esl->signature_type, sizeof(efi_guid_t));
@@ -672,14 +674,14 @@  efi_sigstore_parse_siglist(struct efi_signature_list *esl)
 	while (left > 0) {
 		/* Signature must exist if there is remaining data. */
 		if (left < esl->signature_size) {
-			debug("Certificate is too small\n");
+			EFI_PRINT("Certificate is too small\n");
 			goto err;
 		}
 
 		sig_data = calloc(esl->signature_size
 					- sizeof(esd->signature_owner), 1);
 		if (!sig_data) {
-			debug("Out of memory\n");
+			EFI_PRINT("Out of memory\n");
 			goto err;
 		}
 
@@ -690,7 +692,7 @@  efi_sigstore_parse_siglist(struct efi_signature_list *esl)
 					- sizeof(esd->signature_owner);
 		sig_data->data = malloc(sig_data->size);
 		if (!sig_data->data) {
-			debug("Out of memory\n");
+			EFI_PRINT("Out of memory\n");
 			goto err;
 		}
 		memcpy(sig_data->data, esd->signature_data, sig_data->size);
@@ -736,7 +738,7 @@  struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 	} else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
 		vendor = &efi_guid_image_security_database;
 	} else {
-		debug("unknown signature database, %ls\n", name);
+		EFI_PRINT("unknown signature database, %ls\n", name);
 		return NULL;
 	}
 
@@ -744,23 +746,23 @@  struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 	db_size = 0;
 	ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
 	if (ret == EFI_NOT_FOUND) {
-		debug("variable, %ls, not found\n", name);
+		EFI_PRINT("variable, %ls, not found\n", name);
 		sigstore = calloc(sizeof(*sigstore), 1);
 		return sigstore;
 	} else if (ret != EFI_BUFFER_TOO_SMALL) {
-		debug("Getting variable, %ls, failed\n", name);
+		EFI_PRINT("Getting variable, %ls, failed\n", name);
 		return NULL;
 	}
 
 	db = malloc(db_size);
 	if (!db) {
-		debug("Out of memory\n");
+		EFI_PRINT("Out of memory\n");
 		return NULL;
 	}
 
 	ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
 	if (ret != EFI_SUCCESS) {
-		debug("Getting variable, %ls, failed\n", name);
+		EFI_PRINT("Getting variable, %ls, failed\n", name);
 		goto err;
 	}
 
@@ -769,19 +771,20 @@  struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 	while (db_size > 0) {
 		/* List must exist if there is remaining data. */
 		if (db_size < sizeof(*esl)) {
-			debug("variable, %ls, in wrong format\n", name);
+			EFI_PRINT("variable, %ls, in wrong format\n", name);
 			goto err;
 		}
 
 		if (db_size < esl->signature_list_size) {
-			debug("variable, %ls, in wrong format\n", name);
+			EFI_PRINT("variable, %ls, in wrong format\n", name);
 			goto err;
 		}
 
 		/* Parse a single siglist. */
 		siglist = efi_sigstore_parse_siglist(esl);
 		if (!siglist) {
-			debug("Parsing signature list of %ls failed\n", name);
+			EFI_PRINT("Parsing signature list of %ls failed\n",
+				  name);
 			goto err;
 		}