davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7204eb8590
kernel-ark/crypto/asymmetric_keys
History
Eric Biggers 7204eb8590 pkcs7: fix check for self-signed certificate 
pkcs7_validate_trust_one() used 'x509->next == x509' to identify a
self-signed certificate.  That's wrong; ->next is simply the link in the
linked list of certificates in the PKCS#7 message.  It should be
checking ->signer instead.  Fix it.

Fortunately this didn't actually matter because when we re-visited
'x509' on the next iteration via 'x509->signer', it was already seen and
not verified, so we returned -ENOKEY anyway.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
2017-12-08 15:13:28 +00:00
..
.gitignore
asymmetric_keys.h KEYS: Generalise x509_request_asymmetric_key() 2016-04-11 22:41:56 +01:00
asymmetric_type.c KEYS: checking the input id parameters before finding asymmetric key 2017-10-18 09:12:40 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mscode_parser.c pefile: Fix the failure of calculation for digest 2016-07-18 12:19:46 +10:00
mscode.asn1
pkcs7_key_type.c pkcs7: Set the module licence to prevent tainting 2017-11-15 16:38:45 +00:00
pkcs7_parser.c pkcs7: return correct error code if pkcs7_check_authattrs() fails 2017-12-08 15:13:28 +00:00
pkcs7_parser.h PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7_trust.c pkcs7: fix check for self-signed certificate 2017-12-08 15:13:28 +00:00
pkcs7_verify.c PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
public_key.c pkcs7: Set the module licence to prevent tainting 2017-11-15 16:38:45 +00:00
restrict.c KEYS: Keyring asymmetric key restrict method with chaining 2017-04-04 14:10:13 -07:00
signature.c KEYS: Add identifier pointers to public_key_signature struct 2016-04-06 16:13:33 +01:00
verify_pefile.c crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
verify_pefile.h KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: reject invalid BIT STRING for subjectPublicKey 2017-12-08 15:13:27 +00:00
x509_parser.h X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00
x509_public_key.c pkcs7: Set the module licence to prevent tainting 2017-11-15 16:38:45 +00:00
x509.asn1