diff options
| author | Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> | 2018-03-07 13:57:24 +0100 |
|---|---|---|
| committer | Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> | 2018-03-07 13:57:24 +0100 |
| commit | 249b6bae56fc18f4512fe5bc085f71cc235c0735 (patch) | |
| tree | 89cf28b0e13c85f0a04d216121cbdafdf9668ba0 /crypto/asymmetric_keys/restrict.c | |
| parent | 59d9ddb192bc424cc53e52180478001af4fb99a4 (diff) | |
| parent | c7ee969dff58a7f5e447e27fe064e2d1ce81d574 (diff) | |
| download | linux-crypto-249b6bae56fc18f4512fe5bc085f71cc235c0735.tar.gz linux-crypto-249b6bae56fc18f4512fe5bc085f71cc235c0735.zip | |
Merge tag 'v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 4.16-rc4
Diffstat (limited to 'crypto/asymmetric_keys/restrict.c')
| -rw-r--r-- | crypto/asymmetric_keys/restrict.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 86fb6850..7c93c772 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -67,8 +67,9 @@ __setup("ca_keys=", ca_keys_setup); * * Returns 0 if the new certificate was accepted, -ENOKEY if we couldn't find a * matching parent certificate in the trusted list, -EKEYREJECTED if the - * signature check fails or the key is blacklisted and some other error if - * there is a matching certificate but the signature check cannot be performed. + * signature check fails or the key is blacklisted, -ENOPKG if the signature + * uses unsupported crypto, or some other error if there is a matching + * certificate but the signature check cannot be performed. */ int restrict_link_by_signature(struct key *dest_keyring, const struct key_type *type, @@ -88,6 +89,8 @@ int restrict_link_by_signature(struct key *dest_keyring, return -EOPNOTSUPP; sig = payload->data[asym_auth]; + if (!sig) + return -ENOPKG; if (!sig->auth_ids[0] && !sig->auth_ids[1]) return -ENOKEY; @@ -139,6 +142,8 @@ static int key_or_keyring_common(struct key *dest_keyring, return -EOPNOTSUPP; sig = payload->data[asym_auth]; + if (!sig) + return -ENOPKG; if (!sig->auth_ids[0] && !sig->auth_ids[1]) return -ENOKEY; @@ -222,9 +227,9 @@ static int key_or_keyring_common(struct key *dest_keyring, * * Returns 0 if the new certificate was accepted, -ENOKEY if we * couldn't find a matching parent certificate in the trusted list, - * -EKEYREJECTED if the signature check fails, and some other error if - * there is a matching certificate but the signature check cannot be - * performed. + * -EKEYREJECTED if the signature check fails, -ENOPKG if the signature uses + * unsupported crypto, or some other error if there is a matching certificate + * but the signature check cannot be performed. */ int restrict_link_by_key_or_keyring(struct key *dest_keyring, const struct key_type *type, @@ -249,9 +254,9 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, * * Returns 0 if the new certificate was accepted, -ENOKEY if we * couldn't find a matching parent certificate in the trusted list, - * -EKEYREJECTED if the signature check fails, and some other error if - * there is a matching certificate but the signature check cannot be - * performed. + * -EKEYREJECTED if the signature check fails, -ENOPKG if the signature uses + * unsupported crypto, or some other error if there is a matching certificate + * but the signature check cannot be performed. */ int restrict_link_by_key_or_keyring_chain(struct key *dest_keyring, const struct key_type *type, |