msm-4.14/asymmetric_keys at 30f618169cda40128ea1487d43a13aa41e1b362a - msm-4.14 - HostKita Git

malhuda/msm-4.14

mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00

History

Eric Biggers 29e76b211e PKCS#7: fix certificate blacklisting

commit 29f4a67c17e19314b7d74b8569be935e6c7edf50 upstream.

If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0.  But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification.  Consequently, PKCS#7 signature
verification ignores the certificate blacklist.

Fix this by not considering blacklisted SignerInfos to have passed
verification.

Also fix the function comment with regards to when 0 is returned.

Fixes: 03bb79315ddc ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-02-28 10:19:39 +01:00

..

.gitignore

…

asymmetric_keys.h

KEYS: Generalise x509_request_asymmetric_key()

2016-04-11 22:41:56 +01:00

asymmetric_type.c

KEYS: checking the input id parameters before finding asymmetric key

2017-10-18 09:12:40 +01:00

Kconfig

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

Makefile

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

mscode_parser.c

pefile: Fix the failure of calculation for digest

2016-07-18 12:19:46 +10:00

mscode.asn1

…

pkcs7_key_type.c

KEYS: The PKCS#7 test key type should use the secondary keyring

2016-05-11 14:31:55 +01:00

pkcs7_parser.c

pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.

2017-10-18 09:12:41 +01:00

pkcs7_parser.h

PKCS#7: Handle blacklisted certificates

2017-04-03 16:07:25 +01:00

pkcs7_trust.c

KEYS: Generalise x509_request_asymmetric_key()

2016-04-11 22:41:56 +01:00

pkcs7_verify.c

PKCS#7: fix certificate blacklisting

2018-02-28 10:19:39 +01:00

pkcs7.asn1

PKCS#7: Appropriately restrict authenticated attributes and content type

2015-08-12 17:01:01 +01:00

public_key.c

X.509: fix BUG_ON() when hash algorithm is unsupported

2018-02-28 10:19:39 +01:00

restrict.c

X.509: fix NULL dereference when restricting key with unsupported_sig

2018-02-28 10:19:39 +01:00

signature.c

KEYS: Add identifier pointers to public_key_signature struct

2016-04-06 16:13:33 +01:00

verify_pefile.c

crypto : asymmetric_keys : verify_pefile:zero memory content before freeing

2017-06-09 13:29:50 +10:00

verify_pefile.h

KEYS: Generalise system_verify_data() to provide access to internal content

2016-04-06 16:14:24 +01:00

x509_akid.asn1

X.509: Extract both parts of the AuthorityKeyIdentifier

2015-08-07 16:26:13 +01:00

x509_cert_parser.c

X.509: reject invalid BIT STRING for subjectPublicKey

2017-12-14 09:52:53 +01:00

x509_parser.h

X.509: Allow X.509 certs to be blacklisted

2017-04-03 16:07:25 +01:00

x509_public_key.c

X.509: fix comparisons of ->pkey_algo

2017-12-14 09:52:53 +01:00

x509.asn1

…