diff options
author | Eric Biggers <ebiggers@google.com> | 2018-02-22 14:38:33 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2018-02-22 14:38:33 +0000 |
commit | 53e3ad1419e2dc99a33dc51f51cff7e706c5a706 (patch) | |
tree | f6ef0a743fd61f4b90131d49ab035f6f4a123221 /crypto/salsa20_generic.c | |
parent | 151fc33a85eef02714b70bfbb09eaae871db562f (diff) | |
download | linux-crypto-53e3ad1419e2dc99a33dc51f51cff7e706c5a706.tar.gz linux-crypto-53e3ad1419e2dc99a33dc51f51cff7e706c5a706.zip |
PKCS#7: fix certificate blacklisting
If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0. But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification. Consequently, PKCS#7 signature
verification ignores the certificate blacklist.
Fix this by not considering blacklisted SignerInfos to have passed
verification.
Also fix the function comment with regards to when 0 is returned.
Fixes: f8e2a9fc05a2 ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/salsa20_generic.c')
0 files changed, 0 insertions, 0 deletions