diff options
author | Felipe Balbi <balbi@ti.com> | 2013-12-19 09:18:53 -0600 |
---|---|---|
committer | Felipe Balbi <balbi@ti.com> | 2013-12-19 09:18:53 -0600 |
commit | c139e1425ff7bec7ac22ed90acbadb1b7aa091a9 (patch) | |
tree | c6b091d2dfce26ce80238ef278f2bc7b3b473cad /crypto/asymmetric_keys/x509_public_key.c | |
parent | 4a5ee77caad2a99b86d6bdd5f0064a60224a0760 (diff) | |
parent | 319e2e3f63c348a9b66db4667efa73178e18b17d (diff) | |
download | blackbird-obmc-linux-c139e1425ff7bec7ac22ed90acbadb1b7aa091a9.tar.gz blackbird-obmc-linux-c139e1425ff7bec7ac22ed90acbadb1b7aa091a9.zip |
Merge tag 'v3.13-rc4' into next
Linux 3.13-rc4
* tag 'v3.13-rc4': (1001 commits)
Linux 3.13-rc4
null_blk: mem garbage on NUMA systems during init
radeon_pm: fix oops in hwmon_attributes_visible() and radeon_hwmon_show_temp_thresh()
Revert "selinux: consider filesystem subtype in policies"
igb: Fix for issue where values could be too high for udelay function.
i40e: fix null dereference
ARM: fix asm/memory.h build error
dm array: fix a reference counting bug in shadow_ablock
dm space map: disallow decrementing a reference count below zero
mm: memcg: do not allow task about to OOM kill to bypass the limit
mm: memcg: fix race condition between memcg teardown and swapin
thp: move preallocated PTE page table on move_huge_pmd()
mfd/rtc: s5m: fix register updating by adding regmap for RTC
rtc: s5m: enable IRQ wake during suspend
rtc: s5m: limit endless loop waiting for register update
rtc: s5m: fix unsuccesful IRQ request during probe
drivers/rtc/rtc-s5m.c: fix info->rtc assignment
include/linux/kernel.h: make might_fault() a nop for !MMU
drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
procfs: also fix proc_reg_get_unmapped_area() for !MMU case
...
Signed-off-by: Felipe Balbi <balbi@ti.com>
Diffstat (limited to 'crypto/asymmetric_keys/x509_public_key.c')
-rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 81 |
1 files changed, 1 insertions, 80 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index f83300b6e8c1..382ef0d2ff2e 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -18,60 +18,12 @@ #include <linux/asn1_decoder.h> #include <keys/asymmetric-subtype.h> #include <keys/asymmetric-parser.h> -#include <keys/system_keyring.h> #include <crypto/hash.h> #include "asymmetric_keys.h" #include "public_key.h" #include "x509_parser.h" /* - * Find a key in the given keyring by issuer and authority. - */ -static struct key *x509_request_asymmetric_key( - struct key *keyring, - const char *signer, size_t signer_len, - const char *authority, size_t auth_len) -{ - key_ref_t key; - char *id; - - /* Construct an identifier. */ - id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL); - if (!id) - return ERR_PTR(-ENOMEM); - - memcpy(id, signer, signer_len); - id[signer_len + 0] = ':'; - id[signer_len + 1] = ' '; - memcpy(id + signer_len + 2, authority, auth_len); - id[signer_len + 2 + auth_len] = 0; - - pr_debug("Look up: \"%s\"\n", id); - - key = keyring_search(make_key_ref(keyring, 1), - &key_type_asymmetric, id); - if (IS_ERR(key)) - pr_debug("Request for module key '%s' err %ld\n", - id, PTR_ERR(key)); - kfree(id); - - if (IS_ERR(key)) { - switch (PTR_ERR(key)) { - /* Hide some search errors */ - case -EACCES: - case -ENOTDIR: - case -EAGAIN: - return ERR_PTR(-ENOKEY); - default: - return ERR_CAST(key); - } - } - - pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key))); - return key_ref_to_ptr(key); -} - -/* * Set up the signature parameters in an X.509 certificate. This involves * digesting the signed data and extracting the signature. */ @@ -151,33 +103,6 @@ int x509_check_signature(const struct public_key *pub, EXPORT_SYMBOL_GPL(x509_check_signature); /* - * Check the new certificate against the ones in the trust keyring. If one of - * those is the signing key and validates the new certificate, then mark the - * new certificate as being trusted. - * - * Return 0 if the new certificate was successfully validated, 1 if we couldn't - * find a matching parent certificate in the trusted list and an error if there - * is a matching certificate but the signature check fails. - */ -static int x509_validate_trust(struct x509_certificate *cert, - struct key *trust_keyring) -{ - const struct public_key *pk; - struct key *key; - int ret = 1; - - key = x509_request_asymmetric_key(trust_keyring, - cert->issuer, strlen(cert->issuer), - cert->authority, - strlen(cert->authority)); - if (!IS_ERR(key)) { - pk = key->payload.data; - ret = x509_check_signature(pk, cert); - } - return ret; -} - -/* * Attempt to parse a data blob for a key as an X509 certificate. */ static int x509_key_preparse(struct key_preparsed_payload *prep) @@ -230,13 +155,9 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) /* Check the signature on the key if it appears to be self-signed */ if (!cert->authority || strcmp(cert->fingerprint, cert->authority) == 0) { - ret = x509_check_signature(cert->pub, cert); /* self-signed */ + ret = x509_check_signature(cert->pub, cert); if (ret < 0) goto error_free_cert; - } else { - ret = x509_validate_trust(cert, system_trusted_keyring); - if (!ret) - prep->trusted = 1; } /* Propose a description */ |