AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
6459ae3866
kernel_optimize_test/crypto
History
Eric Biggers 6459ae3866 PKCS#7: fix direct verification of SignerInfo signature 
If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key.  But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen.  That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.

This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.

Fix it by setting 'sig' correctly for the direct verification case.

Fixes: 757932e6da ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
..
asymmetric_keys PKCS#7: fix direct verification of SignerInfo signature 2018-02-22 14:38:33 +00:00
async_tx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore
842.c
ablk_helper.c crypto: remove unused hardirq.h 2017-11-29 17:33:29 +11:00
ablkcipher.c
acompress.c crypto: acomp - allow registration of multiple acomps 2017-04-21 20:30:50 +08:00
aead.c crypto: aead - prevent using AEADs without setting key 2018-01-12 23:03:39 +11:00
aes_generic.c
aes_ti.c crypto: aes_ti - fix comment for MixColumns step 2017-06-19 14:11:53 +08:00
af_alg.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ahash.c crypto: hash - prevent using keyed hashes without setting key 2018-01-12 23:03:37 +11:00
akcipher.c
algapi.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
algboss.c crypto: algboss - remove redundant setting of len to zero 2017-10-07 12:10:34 +08:00
algif_aead.c crypto: aead - prevent using AEADs without setting key 2018-01-12 23:03:39 +11:00
algif_hash.c crypto: hash - prevent using keyed hashes without setting key 2018-01-12 23:03:37 +11:00
algif_rng.c
algif_skcipher.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
ansi_cprng.c
anubis.c
api.c crypto: algapi - convert cra_refcnt to refcount_t 2018-01-05 18:43:09 +11:00
arc4.c
authenc.c crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2() 2017-12-22 19:29:08 +11:00
authencesn.c crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2() 2017-12-22 19:29:08 +11:00
blkcipher.c crypto: remove unused hardirq.h 2017-11-29 17:33:29 +11:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast_common.c
cast5_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast6_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cbc.c crypto: cbc - Propagate NEED_FALLBACK bit 2017-03-09 18:34:39 +08:00
ccm.c crypto: ccm - preserve the IV buffer 2017-11-03 21:35:35 +08:00
chacha20_generic.c crypto: chacha20 - Fix keystream alignment for chacha20_block() 2017-11-29 17:33:33 +11:00
chacha20poly1305.c crypto: chacha20poly1305 - validate the digest size 2017-12-22 19:02:33 +11:00
cipher.c
cmac.c
compress.c
crc32_generic.c crypto: hash - annotate algorithms taking optional key 2018-01-12 23:03:35 +11:00
crc32c_generic.c crypto: hash - annotate algorithms taking optional key 2018-01-12 23:03:35 +11:00
crct10dif_common.c
crct10dif_generic.c
cryptd.c crypto: hash - annotate algorithms taking optional key 2018-01-12 23:03:35 +11:00
crypto_engine.c crypto: engine - replace pr_xxx by dev_xxx 2017-06-19 14:19:54 +08:00
crypto_null.c
crypto_user.c crypto: algapi - convert cra_refcnt to refcount_t 2018-01-05 18:43:09 +11:00
crypto_wq.c
ctr.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
cts.c crypto: remove redundant backlog checks on EBUSY 2017-11-03 22:11:17 +08:00
deflate.c crypto: scomp - add support for deflate rfc1950 (zlib) 2017-04-24 18:11:08 +08:00
des_generic.c
dh_helper.c crypto: dh - Don't permit 'key' or 'g' size longer than 'p' 2017-11-10 19:20:17 +08:00
dh.c crypto: dh - Remove pointless checks for NULL 'p' and 'g' 2017-11-10 19:20:22 +08:00
drbg.c crypto: drbg - move to generic async completion 2017-11-03 22:11:19 +08:00
ecb.c
ecc_curve_defs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ecc.c crypto: ecc - Fix NULL pointer deref. on no default_rng 2017-11-29 17:33:24 +11:00
ecc.h crypto: ecdh - add privkey generation support 2017-06-10 12:04:35 +08:00
ecdh_helper.c crypto: ecdh - return unsigned value for crypto_ecdh_key_len() 2017-10-12 22:55:00 +08:00
ecdh.c crypto: ecdh - remove empty exit() 2017-11-06 14:45:04 +08:00
echainiv.c crypto: echainiv - Remove unused alg/spawn variable 2017-12-22 19:52:45 +11:00
fcrypt.c
fips.c
gcm.c crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2() 2017-12-22 19:29:08 +11:00
gf128mul.c crypto: gf128mul - remove incorrect comment 2017-12-22 19:52:40 +11:00
ghash-generic.c crypto: ghash - remove checks for key being set 2018-01-12 23:03:38 +11:00
hash_info.c
hmac.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2017-11-29 13:39:15 +11:00
internal.h crypto: algapi - remove unused notifications 2018-01-05 18:43:10 +11:00
jitterentropy-kcapi.c
jitterentropy.c
Kconfig Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
keywrap.c crypto: keywrap - Add missing ULL suffixes for 64-bit constants 2017-11-29 17:33:26 +11:00
khazad.c
kpp.c
lrw.c crypto: remove redundant backlog checks on EBUSY 2017-11-03 22:11:17 +08:00
lz4.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lz4hc.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lzo.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
Makefile crypto: aes-generic - fix aes-generic regression on powerpc 2018-01-20 11:43:36 +11:00
mcryptd.c crypto: hash - annotate algorithms taking optional key 2018-01-12 23:03:35 +11:00
md4.c
md5.c md5: remove from lib and only live in crypto 2017-03-24 22:02:56 +08:00
memneq.c
michael_mic.c
pcbc.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
pcrypt.c crypto: pcrypt - fix freeing pcrypt instances 2017-12-22 19:02:47 +11:00
poly1305_generic.c crypto: poly1305 - remove ->setkey() method 2018-01-12 23:03:14 +11:00
proc.c crypto: algapi - convert cra_refcnt to refcount_t 2018-01-05 18:43:09 +11:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd160.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd256.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd320.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rng.c crypto: rng - ensure that the RNG is ready before using 2017-07-28 17:56:00 +08:00
rsa_helper.c crypto: rsa - fix buffer overread when stripping leading zeroes 2017-11-29 13:39:14 +11:00
rsa-pkcs1pad.c crypto: remove redundant backlog checks on EBUSY 2017-11-03 22:11:17 +08:00
rsa.c crypto: rsa - comply with crypto_akcipher_maxsize() 2017-06-10 12:04:30 +08:00
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c crypto: salsa20 - export generic helpers 2018-01-12 23:03:42 +11:00
scatterwalk.c
scompress.c crypto: scompress - use sgl_alloc() and sgl_free() 2018-01-06 09:18:00 -07:00
seed.c
seqiv.c crypto: seqiv - Remove unused alg/spawn variable 2017-12-22 19:52:45 +11:00
serpent_generic.c crypto: serpent - improve __serpent_setkey with UBSAN 2017-08-09 20:17:54 +08:00
sha1_generic.c
sha3_generic.c crypto: sha3-generic - Use __optimize to support old compilers 2018-02-08 22:38:12 +11:00
sha256_generic.c
sha512_generic.c
shash.c crypto: hash - prevent using keyed hashes without setting key 2018-01-12 23:03:37 +11:00
simd.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
skcipher.c crypto: skcipher - prevent using skciphers without setting key 2018-01-12 23:03:39 +11:00
sm3_generic.c crypto: sm3 - add OSCCA SM3 secure hash 2017-09-22 17:43:07 +08:00
tcrypt.c crypto: tcrypt - free xoutbuf instead of axbuf 2018-01-12 23:03:07 +11:00
tcrypt.h
tea.c
testmgr.c crypto: testmgr - test misuse of result in ahash 2018-01-26 01:10:29 +11:00
testmgr.h crypto: testmgr - add new testcases for sha3 2018-01-26 01:10:34 +11:00
tgr192.c
twofish_common.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
twofish_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
vmac.c
wp512.c
xcbc.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
xor.c kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK 2017-11-15 18:21:04 -08:00
xts.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-14 10:52:09 -08:00