-rw-r--r--crypto/asymmetric_keys/restrict.c21
1 files changed, 13 insertions, 8 deletions
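diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index 86fb68508952..7c93c7728454 100644
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -67,8 +67,9 @@ __setup("ca_keys=", ca_keys_setup);
  *
  * Returns 0 if the new certificate was accepted, -ENOKEY if we couldn't find a
  * matching parent certificate in the trusted list, -EKEYREJECTED if the
- * signature check fails or the key is blacklisted and some other error if
- * there is a matching certificate but the signature check cannot be performed.
+ * signature check fails or the key is blacklisted, -ENOPKG if the signature
+ * uses unsupported crypto, or some other error if there is a matching
+ * certificate but the signature check cannot be performed.
  */
 int restrict_link_by_signature(struct key *dest_keyring,
  const struct key_type *type,
@@ -88,6 +89,8 @@ int restrict_link_by_signature(struct key *dest_keyring,
  return -EOPNOTSUPP;
 
  sig = payload->data[asym_auth];
+ if (!sig)
+ return -ENOPKG;
  if (!sig->auth_ids[0] && !sig->auth_ids[1])
  return -ENOKEY;
 
@@ -139,6 +142,8 @@ static int key_or_keyring_common(struct key *dest_keyring,
  return -EOPNOTSUPP;
 
  sig = payload->data[asym_auth];
+ if (!sig)
+ return -ENOPKG;
  if (!sig->auth_ids[0] && !sig->auth_ids[1])
  return -ENOKEY;
 
@@ -222,9 +227,9 @@ static int key_or_keyring_common(struct key *dest_keyring,
  *
  * Returns 0 if the new certificate was accepted, -ENOKEY if we
  * couldn't find a matching parent certificate in the trusted list,
- * -EKEYREJECTED if the signature check fails, and some other error if
- * there is a matching certificate but the signature check cannot be
- * performed.
+ * -EKEYREJECTED if the signature check fails, -ENOPKG if the signature uses
+ * unsupported crypto, or some other error if there is a matching certificate
+ * but the signature check cannot be performed.
  */
 int restrict_link_by_key_or_keyring(struct key *dest_keyring,
  const struct key_type *type,
@@ -249,9 +254,9 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring,
  *
  * Returns 0 if the new certificate was accepted, -ENOKEY if we
  * couldn't find a matching parent certificate in the trusted list,
- * -EKEYREJECTED if the signature check fails, and some other error if
- * there is a matching certificate but the signature check cannot be
- * performed.
+ * -EKEYREJECTED if the signature check fails, -ENOPKG if the signature uses
+ * unsupported crypto, or some other error if there is a matching certificate
+ * but the signature check cannot be performed.
  */
 int restrict_link_by_key_or_keyring_chain(struct key *dest_keyring,
  const struct key_type *type,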
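Review bot: The new `if (!sig)` guard in restrict_link_by_signature (new line 92) has no comment saying when `payload->data[asym_auth]` can be NULL; a reader has to infer it from the -ENOPKG sentence in the header comment. The same bare guard is repeated in key_or_keyring_common (new line 145), whose own header comment is not in the hunks shown, so the link is even less visible there. I would put `/* No signature info, presumably because the cert used unsupported crypto: refuse the link. */` above both checks. Returning an error before the `sig->auth_ids` dereference keeps the restriction fail-closed, which is the right default for a trust check. Since the fetch-and-validate sequence is now duplicated, a small static helper would keep the two paths from drifting; both function bodies continue outside the hunks.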