* [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
@ 2014-07-31 14:11 ` David Howells
0 siblings, 0 replies; 4+ messages in thread
From: David Howells @ 2014-07-31 14:11 UTC (permalink / raw)
To: dan.carpenter
Cc: keyrings, kexec, linux-kernel, dhowells, linux-security-module,
vgoyal
issuer and subject are mandatory fields in the ASN.1 and so their existence
needn't be tested for. They are guaranteed to end up with an empty string if
the name material has nothing we can use (see x509_fabricate_name()).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 51ff36f3a913..c62cf8006e1f 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
if (ret < 0)
return ret;
- if (x509->issuer)
- pr_debug("- issuer %s\n", x509->issuer);
+ pr_debug("- issuer %s\n", x509->issuer);
if (x509->authority)
pr_debug("- authkeyid %s\n", x509->authority);
if (!x509->authority ||
- (x509->subject &&
- strcmp(x509->subject, x509->issuer) == 0)) {
+ strcmp(x509->subject, x509->issuer) == 0) {
/* If there's no authority certificate specified, then
* the certificate must be self-signed and is the root
* of the chain. Likewise if the cert is its own
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
@ 2014-07-31 14:11 ` David Howells
0 siblings, 0 replies; 4+ messages in thread
From: David Howells @ 2014-07-31 14:11 UTC (permalink / raw)
To: dan.carpenter
Cc: keyrings, kexec, linux-kernel, dhowells, linux-security-module,
vgoyal
issuer and subject are mandatory fields in the ASN.1 and so their existence
needn't be tested for. They are guaranteed to end up with an empty string if
the name material has nothing we can use (see x509_fabricate_name()).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 51ff36f3a913..c62cf8006e1f 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
if (ret < 0)
return ret;
- if (x509->issuer)
- pr_debug("- issuer %s\n", x509->issuer);
+ pr_debug("- issuer %s\n", x509->issuer);
if (x509->authority)
pr_debug("- authkeyid %s\n", x509->authority);
if (!x509->authority ||
- (x509->subject &&
- strcmp(x509->subject, x509->issuer) == 0)) {
+ strcmp(x509->subject, x509->issuer) == 0) {
/* If there's no authority certificate specified, then
* the certificate must be self-signed and is the root
* of the chain. Likewise if the cert is its own
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
2014-07-31 14:11 ` David Howells
@ 2014-08-01 16:03 ` Vivek Goyal
-1 siblings, 0 replies; 4+ messages in thread
From: Vivek Goyal @ 2014-08-01 16:03 UTC (permalink / raw)
To: David Howells
Cc: linux-security-module, keyrings, kexec, linux-kernel,
dan.carpenter
On Thu, Jul 31, 2014 at 03:11:03PM +0100, David Howells wrote:
> issuer and subject are mandatory fields in the ASN.1 and so their existence
> needn't be tested for. They are guaranteed to end up with an empty string if
> the name material has nothing we can use (see x509_fabricate_name()).
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
Looks good to me.
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Thanks
Vivek
> ---
> crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 51ff36f3a913..c62cf8006e1f 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
> if (ret < 0)
> return ret;
>
> - if (x509->issuer)
> - pr_debug("- issuer %s\n", x509->issuer);
> + pr_debug("- issuer %s\n", x509->issuer);
> if (x509->authority)
> pr_debug("- authkeyid %s\n", x509->authority);
>
> if (!x509->authority ||
> - (x509->subject &&
> - strcmp(x509->subject, x509->issuer) == 0)) {
> + strcmp(x509->subject, x509->issuer) == 0) {
> /* If there's no authority certificate specified, then
> * the certificate must be self-signed and is the root
> * of the chain. Likewise if the cert is its own
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
@ 2014-08-01 16:03 ` Vivek Goyal
0 siblings, 0 replies; 4+ messages in thread
From: Vivek Goyal @ 2014-08-01 16:03 UTC (permalink / raw)
To: David Howells
Cc: dan.carpenter, keyrings, kexec, linux-kernel,
linux-security-module
On Thu, Jul 31, 2014 at 03:11:03PM +0100, David Howells wrote:
> issuer and subject are mandatory fields in the ASN.1 and so their existence
> needn't be tested for. They are guaranteed to end up with an empty string if
> the name material has nothing we can use (see x509_fabricate_name()).
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
Looks good to me.
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Thanks
Vivek
> ---
> crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 51ff36f3a913..c62cf8006e1f 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
> if (ret < 0)
> return ret;
>
> - if (x509->issuer)
> - pr_debug("- issuer %s\n", x509->issuer);
> + pr_debug("- issuer %s\n", x509->issuer);
> if (x509->authority)
> pr_debug("- authkeyid %s\n", x509->authority);
>
> if (!x509->authority ||
> - (x509->subject &&
> - strcmp(x509->subject, x509->issuer) == 0)) {
> + strcmp(x509->subject, x509->issuer) == 0) {
> /* If there's no authority certificate specified, then
> * the certificate must be self-signed and is the root
> * of the chain. Likewise if the cert is its own
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-08-01 16:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-31 14:11 [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1 David Howells
2014-07-31 14:11 ` David Howells
2014-08-01 16:03 ` Vivek Goyal
2014-08-01 16:03 ` Vivek Goyal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.