AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
737,443 Commits 7 Branches 0 Tags 1.9 GiB
C 98%
Assembly 1.1%
Shell 0.3%
Makefile 0.3%
Python 0.1%
Other 0.1%
6459ae3866
Go to file
Eric Biggers 6459ae3866 PKCS#7: fix direct verification of SignerInfo signature 
If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key.  But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen.  That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.

This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.

Fix it by setting 'sig' correctly for the direct verification case.

Fixes: 757932e6da ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
arch
block
certs
crypto PKCS#7: fix direct verification of SignerInfo signature 2018-02-22 14:38:33 +00:00
Documentation Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 11:58:19 -08:00
drivers Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 11:58:19 -08:00
firmware
fs
include Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 11:58:19 -08:00
init
ipc
kernel
lib
LICENSES
mm
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 11:58:19 -08:00
samples
scripts
security
sound
tools
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: Remove Richard Purdie from LED maintainers 2018-02-19 20:23:49 +01:00
Makefile Linux 4.16-rc2 2018-02-18 17:29:42 -08:00
README

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.