PKCS#7: Make trust determination dependent on contents of trust keyring

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>
David Howells
2016-04-06 16:14:24 +01:00
parent e68503bd68
commit bda850cd21
9 changed files with 11 additions and 32 deletions

@@ -81,6 +81,6 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
}
return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
NULL, -ENOKEY, VERIFYING_MODULE_SIGNATURE,
NULL, VERIFYING_MODULE_SIGNATURE,
NULL, NULL);
}
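
Review bot: The verify_pkcs7_signature() call in mod_verify_sig() still passes NULL as the trusted keyring, and now that trust depends on the contents of the supplied ring, that NULL carries the whole module-signing trust policy without any explanation at the call site. A short comment above the call stating which keyring NULL selects would make this auditable. With the explicit -ENOKEY argument dropped from the argument list, the error returned for an unverifiable trust chain is no longer visible here either, so the -ENOKEY return described in the commit message should be recorded in the function's documentation so that callers of mod_verify_sig() that key on that value can rely on it.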