- i = ksign_verify_signature(sig, sig_size, mvdata->digest);
-
- _debug("verify-sig : %d\n", i);
+ ret = ksign_verify_signature(sig, sig_size, mvdata->hash.tfm);
+
+ _debug("verify-sig : %d\n", ret);
+
+ switch (ret) {
+ case 0: /* good signature */
+ ret = 1;
+ break;
+ case -EKEYREJECTED: /* signature mismatch or number format error */
+ printk(KERN_ERR "Module signature verification failed\n");
+ break;
+ case -ENOKEY: /* signed, but we don't have the public key */
+ printk(KERN_ERR "Module signed with unknown public key\n");
+ break;
+ default: /* other error (probably ENOMEM) */
+ break;
+ }