* [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
@ 2014-07-31 14:11 David Howells
2014-08-01 16:03 ` Vivek Goyal
0 siblings, 1 reply; 2+ messages in thread
From: David Howells @ 2014-07-31 14:11 UTC (permalink / raw)
To: dan.carpenter
Cc: keyrings, kexec, linux-kernel, dhowells, linux-security-module,
vgoyal
issuer and subject are mandatory fields in the ASN.1 and so their existence
needn't be tested for. They are guaranteed to end up with an empty string if
the name material has nothing we can use (see x509_fabricate_name()).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 51ff36f3a913..c62cf8006e1f 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
if (ret < 0)
return ret;
- if (x509->issuer)
- pr_debug("- issuer %s\n", x509->issuer);
+ pr_debug("- issuer %s\n", x509->issuer);
if (x509->authority)
pr_debug("- authkeyid %s\n", x509->authority);
if (!x509->authority ||
- (x509->subject &&
- strcmp(x509->subject, x509->issuer) == 0)) {
+ strcmp(x509->subject, x509->issuer) == 0) {
/* If there's no authority certificate specified, then
* the certificate must be self-signed and is the root
* of the chain. Likewise if the cert is its own
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1
2014-07-31 14:11 [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1 David Howells
@ 2014-08-01 16:03 ` Vivek Goyal
0 siblings, 0 replies; 2+ messages in thread
From: Vivek Goyal @ 2014-08-01 16:03 UTC (permalink / raw)
To: David Howells
Cc: dan.carpenter, keyrings, kexec, linux-kernel,
linux-security-module
On Thu, Jul 31, 2014 at 03:11:03PM +0100, David Howells wrote:
> issuer and subject are mandatory fields in the ASN.1 and so their existence
> needn't be tested for. They are guaranteed to end up with an empty string if
> the name material has nothing we can use (see x509_fabricate_name()).
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
Looks good to me.
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Thanks
Vivek
> ---
> crypto/asymmetric_keys/pkcs7_verify.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 51ff36f3a913..c62cf8006e1f 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
> if (ret < 0)
> return ret;
>
> - if (x509->issuer)
> - pr_debug("- issuer %s\n", x509->issuer);
> + pr_debug("- issuer %s\n", x509->issuer);
> if (x509->authority)
> pr_debug("- authkeyid %s\n", x509->authority);
>
> if (!x509->authority ||
> - (x509->subject &&
> - strcmp(x509->subject, x509->issuer) == 0)) {
> + strcmp(x509->subject, x509->issuer) == 0) {
> /* If there's no authority certificate specified, then
> * the certificate must be self-signed and is the root
> * of the chain. Likewise if the cert is its own
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-01 16:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-31 14:11 [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1 David Howells
2014-08-01 16:03 ` Vivek Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox