[GIT PULL] KEYS fixes

From: James Morris
Date: Sun Jul 17 2016 - 22:07:00 EST


Please pull these fixes for the keys code.

>From David Howells:

" Here are three miscellaneous fixes:

(1) Fix a panic in some debugging code in PKCS#7. This can only happen
by explicitly inserting a #define DEBUG into the code.

(2) Fix the calculation of the digest length in the PE file parser. This
causes a failure where there should be a success.

(3) Fix the case where an X.509 cert can be added as an asymmetric key to
a trusted keyring with no trust restriction if no AKID is supplied.

Bugs (1) and (2) aren't particularly problematic, but (3) allows a
security check to be bypassed. Bug (3) is added since the 4.6 kernel. "



The following changes since commit 47ef4ad2684d380dd6d596140fb79395115c3950:

Merge tag 'for-linus-20160715' of git://git.infradead.org/linux-mtd (2016-07-16 09:53:34 +0900)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Lans Zhang (2):
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
pefile: Fix the failure of calculation for digest

Mat Martineau (1):
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs

crypto/asymmetric_keys/mscode_parser.c | 7 ++++++-
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/restrict.c | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)