PKCS#7: fix certificate blacklisting - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Eric Biggers <[email protected]>	2018-02-22 14:38:33 +0000
committer	David Howells <[email protected]>	2018-02-22 14:38:33 +0000
commit	29f4a67c17e19314b7d74b8569be935e6c7edf50 (patch)
tree	debe9c0a045f56b09856b062baba842b65b80a25 /tools/perf/scripts/python/stat-cpi.py
parent	971b42c038dc83e3327872d294fe7131bab152fc (diff)

PKCS#7: fix certificate blacklisting

If there is a blacklisted certificate in a SignerInfo's certificate chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns 0. But, pkcs7_verify() fails to handle this case appropriately, as it actually continues on to the line 'actual_ret = 0;', indicating that the SignerInfo has passed verification. Consequently, PKCS#7 signature verification ignores the certificate blacklist. Fix this by not considering blacklisted SignerInfos to have passed verification. Also fix the function comment with regards to when 0 is returned. Fixes: 03bb79315ddc ("PKCS#7: Handle blacklisted certificates") Cc: <[email protected]> # v4.12+ Signed-off-by: Eric Biggers <[email protected]> Signed-off-by: David Howells <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/stat-cpi.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: