]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit - certs/system_keyring.c
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e68503b) | patch
PKCS#7: Make trust determination dependent on contents of trust keyring
authorDavid Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:14:24 +0000 (16:14 +0100)
committerDavid Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:14:24 +0000 (16:14 +0100)
commitbda850cd214e90b1be0cc25bc48c4f6ac53eb543
treeacb936239ac766592c557295aec265ec9a2d04fbtree
parente68503bd6836ba765dc8e0ee77ea675fedc07e41commit | diff
PKCS#7: Make trust determination dependent on contents of trust keyring

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>
certs/system_keyring.c diff | blob | blame | history
crypto/asymmetric_keys/pkcs7_key_type.c diff | blob | blame | history
crypto/asymmetric_keys/pkcs7_parser.h diff | blob | blame | history
crypto/asymmetric_keys/pkcs7_trust.c diff | blob | blame | history
crypto/asymmetric_keys/verify_pefile.c diff | blob | blame | history
crypto/asymmetric_keys/x509_parser.h diff | blob | blame | history
include/crypto/pkcs7.h diff | blob | blame | history
include/linux/verification.h diff | blob | blame | history
kernel/module_signing.c diff | blob | blame | history
Ubuntu Artful kernel mirror