]> asedeno.scripts.mit.edu Git - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: af316fc)
pefile: Validate PKCS#7 trust chain
authorDavid Howells <dhowells@redhat.com>
Tue, 1 Jul 2014 15:02:52 +0000 (16:02 +0100)
committerDavid Howells <dhowells@redhat.com>
Wed, 9 Jul 2014 13:58:47 +0000 (14:58 +0100)
Validate the PKCS#7 trust chain against the contents of the system keyring.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
crypto/asymmetric_keys/verify_pefile.c patch | blob | history

diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
index 029a36510e805e0dec72f7007a372e2896c909af..79175e6ea0b28493f26079d5a17926e0aab63984 100644 (file)
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -449,7 +449,7 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
        if (ret < 0)
                goto error;
 
-       ret = -ENOANO; // Not yet complete
+       ret = pkcs7_validate_trust(pkcs7, trusted_keyring, _trusted);
 
 error:
        pkcs7_free_message(ctx.pkcs7);
local clone of linux.git