linux-stable/crypto/asymmetric_keys
Eric Biggers 29f4a67c17 PKCS#7: fix certificate blacklisting
If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0.  But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification.  Consequently, PKCS#7 signature
verification ignores the certificate blacklist.

Fix this by not considering blacklisted SignerInfos to have passed
verification.

Also fix the function comment with regards to when 0 is returned.

Fixes: 03bb79315d ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
.gitignore
asymmetric_keys.h
asymmetric_type.c KEYS: checking the input id parameters before finding asymmetric key 2017-10-18 09:12:40 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mscode_parser.c
mscode.asn1
pkcs7_key_type.c pkcs7: Set the module licence to prevent tainting 2017-11-15 16:38:45 +00:00
pkcs7_parser.c pkcs7: return correct error code if pkcs7_check_authattrs() fails 2017-12-08 15:13:28 +00:00
pkcs7_parser.h
pkcs7_trust.c pkcs7: fix check for self-signed certificate 2017-12-08 15:13:28 +00:00
pkcs7_verify.c PKCS#7: fix certificate blacklisting 2018-02-22 14:38:33 +00:00
pkcs7.asn1
public_key.c KEYS: be careful with error codes in public_key_verify_signature() 2017-12-08 15:13:29 +00:00
restrict.c
signature.c
verify_pefile.c crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
verify_pefile.h
x509_akid.asn1
x509_cert_parser.c X.509: reject invalid BIT STRING for subjectPublicKey 2017-12-08 15:13:27 +00:00
x509_parser.h
x509_public_key.c X.509: fix comparisons of ->pkey_algo 2017-12-08 15:13:29 +00:00
x509.asn1