Diffstat (limited to 'certs/system_keyring.c')
-rw-r--r--certs/system_keyring.c13
1 files changed, 4 insertions, 9 deletions
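--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -121,7 +121,6 @@ late_initcall(load_system_certificate_list);
 int verify_pkcs7_signature(const void *data, size_t len,
  const void *raw_pkcs7, size_t pkcs7_len,
  struct key *trusted_keys,
- int untrusted_error,
  enum key_being_used_for usage,
  int (*view_content)(void *ctx,
  const void *data, size_t len,
@@ -129,7 +128,6 @@ int verify_pkcs7_signature(const void *data, size_t len,
  void *ctx)
 {
  struct pkcs7_message *pkcs7;
- bool trusted;
  int ret;
 
  pkcs7 = pkcs7_parse_message(raw_pkcs7, pkcs7_len);
@@ -149,13 +147,10 @@ int verify_pkcs7_signature(const void *data, size_t len,
 
  if (!trusted_keys)
  trusted_keys = system_trusted_keyring;
- ret = pkcs7_validate_trust(pkcs7, trusted_keys, &trusted);
- if (ret < 0)
- goto error;
-
- if (!trusted && untrusted_error) {
- pr_err("PKCS#7 signature not signed with a trusted key\n");
- ret = untrusted_error;
+ ret = pkcs7_validate_trust(pkcs7, trusted_keys);
+ if (ret < 0) {
+ if (ret == -ENOKEY)
+ pr_err("PKCS#7 signature not signed with a trusted key\n");
  goto error;
  }
 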
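Review bot: The new `if (ret < 0) {` branch after `pkcs7_validate_trust()` carries an undocumented contract. `-ENOKEY` is now the only signal that no signer chains to a key in `trusted_keys`, and with `untrusted_error` removed from the signature this outcome is always fatal, where the old code let a caller pass 0 to tolerate it. I would state that at the branch, for example `/* -ENOKEY: no signer is vouched for by trusted_keys; always a hard failure */`. I would also note that every other negative return reaches `goto error` without a message at this site, so the log alone will not tell an untrusted signer apart from other validation failures, unless the callee or the `error:` label logs them, which the hunk does not show. The function's kernel-doc and the rest of its body lie outside the hunks; if the kernel-doc describes the return values, it should list `-ENOKEY` explicitly.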