[PATCH17/17] pefile: Validate PKCS#7 trust chain

From: David Howells
Date: Wed Jul 09 2014 - 11:17:50 EST

Next message: David Howells: "[PATCH15/17] pefile: Handle pesign using the wrong OID"
Previous message: David Howells: "[PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data"
In reply to: David Howells: "[PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data"
Next in thread: David Howells: "[PATCH15/17] pefile: Handle pesign using the wrong OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Validate the PKCS#7 trust chain against the contents of the system keyring.

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Acked-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---

crypto/asymmetric_keys/verify_pefile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
index 029a365..79175e6 100644
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -449,7 +449,7 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
if (ret < 0)
goto error;

- ret = -ENOANO; // Not yet complete
+ ret = pkcs7_validate_trust(pkcs7, trusted_keyring, _trusted);

error:
pkcs7_free_message(ctx.pkcs7);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "[PATCH15/17] pefile: Handle pesign using the wrong OID"
Previous message: David Howells: "[PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data"
In reply to: David Howells: "[PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data"
Next in thread: David Howells: "[PATCH15/17] pefile: Handle pesign using the wrong OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]