iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9dc4030c87b77f7856b7d1388ad908e6a6d5f363
linux/crypto
History
Eric Biggers 29e76b211e PKCS#7: fix certificate blacklisting 
commit 29f4a67c17 upstream.

If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0.  But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification.  Consequently, PKCS#7 signature
verification ignores the certificate blacklist.

Fix this by not considering blacklisted SignerInfos to have passed
verification.

Also fix the function comment with regards to when 0 is returned.

Fixes: 03bb79315d ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:19:39 +01:00
..
asymmetric_keys
PKCS#7: fix certificate blacklisting
2018-02-28 10:19:39 +01:00
async_tx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
.gitignore
crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files
2015-06-25 23:29:24 +08:00
842.c
crypto: acomp - add support for 842 via scomp
2016-10-25 11:08:33 +08:00
ablk_helper.c
crypto: ablk_helper - Fix cryptd reordering
2016-06-23 18:29:53 +08:00
ablkcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
acompress.c
crypto: acomp - allow registration of multiple acomps
2017-04-21 20:30:50 +08:00
aead.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
aes_generic.c
crypto: aes-generic - drop alignment requirement
2017-02-11 17:50:43 +08:00
aes_ti.c
crypto: aes_ti - fix comment for MixColumns step
2017-06-19 14:11:53 +08:00
af_alg.c
crypto: af_alg - whitelist mask and type
2018-02-03 17:38:51 +01:00
ahash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-16 20:23:00 +01:00
akcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
algapi.c
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
2018-01-17 09:45:23 +01:00
algboss.c
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
algif_aead.c
crypto: af_alg - fix race accessing cipher request
2017-12-29 17:53:46 +01:00
algif_hash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-16 20:23:00 +01:00
algif_rng.c
crypto: algif_rng - Remove obsolete const-removal cast
2015-04-22 09:30:21 +08:00
algif_skcipher.c
crypto: af_alg - fix race accessing cipher request
2017-12-29 17:53:46 +01:00
ansi_cprng.c
crypto: ansi_cprng - Convert to new rng interface
2015-04-22 09:30:18 +08:00
anubis.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
api.c
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
arc4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
authenc.c
crypto: skcipher - Get rid of crypto_spawn_skcipher2()
2016-11-01 08:37:17 +08:00
authencesn.c
crypto: authencesn - Fix digest_null crash
2017-07-18 17:01:11 +08:00
blkcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
blowfish_common.c
blowfish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
camellia_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast5_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast6_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast_common.c
crypto: make tables used from assembler __visible
2013-08-14 20:42:03 +10:00
cbc.c
crypto: cbc - Propagate NEED_FALLBACK bit
2017-03-09 18:34:39 +08:00
ccm.c
crypto: ccm - preserve the IV buffer
2017-11-03 21:35:35 +08:00
chacha20_generic.c
crypto: chacha20 - fix handling of chunked input
2017-08-22 14:45:47 +08:00
chacha20poly1305.c
crypto: chacha20poly1305 - validate the digest size
2018-01-10 09:31:18 +01:00
cipher.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
cmac.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
compress.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
crc32_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crc32c_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crct10dif_common.c
crypto: crct10dif - Add fallback for broken initrds
2013-09-12 15:31:34 +10:00
crct10dif_generic.c
crypto: squash lines for simple wrapper functions
2016-09-13 20:27:26 +08:00
cryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crypto_engine.c
crypto: engine - replace pr_xxx by dev_xxx
2017-06-19 14:19:54 +08:00
crypto_null.c
crypto: null - Remove default null blkcipher
2016-07-18 17:35:44 +08:00
crypto_user.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-05-02 16:40:27 -07:00
crypto_wq.c
crypto: crypto_wq - Fix late crypto work queue initialization
2014-03-21 21:54:28 +08:00
ctr.c
crypto: algapi - make crypto_xor() take separate dst and src arguments
2017-08-04 09:27:15 +08:00
cts.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
deflate.c
crypto: scomp - add support for deflate rfc1950 (zlib)
2017-04-24 18:11:08 +08:00
des_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
dh_helper.c
crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
2017-11-21 09:49:21 +01:00
dh.c
crypto: dh - Fix double free of ctx->p
2017-11-21 09:49:20 +01:00
drbg.c
crypto: drbg - fix freeing of resources
2017-09-20 17:42:29 +08:00
ecb.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ecc_curve_defs.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ecc.c
crypto: ecdh - add privkey generation support
2017-06-10 12:04:35 +08:00
ecc.h
crypto: ecdh - add privkey generation support
2017-06-10 12:04:35 +08:00
ecdh_helper.c
crypto: kpp, (ec)dh - fix typos
2017-06-10 12:04:25 +08:00
ecdh.c
crypto: ecdh - fix concurrency on shared secret and pubkey
2017-08-03 13:47:22 +08:00
echainiv.c
crypto: echainiv - Replace chaining with multiplication
2016-09-13 18:44:57 +08:00
fcrypt.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
fips.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
gcm.c
crypto: gcm - wait for crypto op not signal safe
2017-05-23 12:45:11 +08:00
gf128mul.c
crypto: gf128mul - define gf128mul_x_* in gf128mul.h
2017-04-05 21:58:35 +08:00
ghash-generic.c
crypto: ghash-generic - move common definitions to a new header file
2016-10-02 22:26:40 +08:00
hash_info.c
keys, trusted: select hash algorithm for TPM2 chips
2015-12-20 15:27:12 +02:00
hmac.c
crypto: hmac - require that the underlying hash algorithm is unkeyed
2017-12-20 10:10:17 +01:00
internal.h
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - drop duplicate header module.h
2016-11-17 23:34:52 +08:00
jitterentropy.c
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"
2015-06-25 23:18:33 +08:00
Kconfig
crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
2018-02-03 17:38:48 +01:00
keywrap.c
crypto: keywrap - memzero the correct memory
2016-02-01 22:27:05 +08:00
khazad.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
kpp.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
lrw.c
crypto: lrw - Fix an error handling path in 'create()'
2017-12-25 14:26:25 +01:00
lz4.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lz4hc.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lzo.c
treewide: use kv[mz]alloc* rather than opencoded variants
2017-05-08 17:15:13 -07:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mcryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
md4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
md5.c
md5: remove from lib and only live in crypto
2017-03-24 22:02:56 +08:00
memneq.c
crypto: memneq - fix for archs without efficient unaligned access
2013-12-09 20:09:12 +08:00
michael_mic.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
pcbc.c
crypto: algapi - make crypto_xor() take separate dst and src arguments
2017-08-04 09:27:15 +08:00
pcrypt.c
crypto: pcrypt - fix freeing pcrypt instances
2018-01-10 09:31:18 +01:00
poly1305_generic.c
crypto: poly1305 - remove ->setkey() method
2018-02-16 20:23:00 +01:00
proc.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
ripemd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
rmd128.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd160.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd256.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd320.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rng.c
crypto: rng - ensure that the RNG is ready before using
2017-07-28 17:56:00 +08:00
rsa_helper.c
crypto: rsa - fix buffer overread when stripping leading zeroes
2017-12-20 10:10:17 +01:00
rsa-pkcs1pad.c
crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
2017-06-20 11:21:19 +08:00
rsa.c
crypto: rsa - comply with crypto_akcipher_maxsize()
2017-06-10 12:04:30 +08:00
rsaprivkey.asn1
crypto: rsa - Store rest of the private key components
2016-07-05 23:05:26 +08:00
rsapubkey.asn1
crypto: akcipher - Changes to asymmetric key API
2015-10-14 22:23:16 +08:00
salsa20_generic.c
crypto: salsa20 - fix blkcipher_walk API usage
2017-12-20 10:10:17 +01:00
scatterwalk.c
crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy
2016-11-22 15:02:25 +08:00
scompress.c
crypto: scompress - defer allocation of scratch buffer to first use
2017-08-03 13:52:44 +08:00
seed.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
seqiv.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
serpent_generic.c
crypto: serpent - improve __serpent_setkey with UBSAN
2017-08-09 20:17:54 +08:00
sha1_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha3_generic.c
crypto: sha3-generic - fixes for alignment and big endian operation
2018-02-03 17:38:51 +01:00
sha256_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha512_generic.c
crypto: sha512-generic - move to generic glue implementation
2015-04-10 21:39:41 +08:00
shash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-16 20:23:00 +01:00
simd.c
crypto: simd - Add simd skcipher helper
2016-11-28 21:23:18 +08:00
skcipher.c
crypto: skcipher - set walk.iv for zero-length inputs
2017-12-29 17:53:45 +01:00
tcrypt.c
crypto: tcrypt - fix S/G table for test_aead_speed()
2018-02-13 10:19:49 +01:00
tcrypt.h
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
2015-07-17 21:20:20 +08:00
tea.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
testmgr.c
crypto: testmgr - Reenable sha1/aes in FIPS mode
2017-06-28 22:18:58 +08:00
testmgr.h
crypto: testmgr - add chunked test cases for chacha20
2017-08-22 14:45:48 +08:00
tgr192.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
twofish_common.c
crypto: twofish-x86_64-3way - add lrw support
2011-11-09 11:53:32 +08:00
twofish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
vmac.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
wp512.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
xcbc.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
xor.c
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2018-02-22 15:42:23 +01:00
xts.c
crypto: xts - Fix an error handling path in 'create()'
2017-10-07 12:04:31 +08:00