aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/asymmetric_keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-07-31 09:46:44 -0400
committerDavid Howells <dhowells@redhat.com>2014-07-31 09:46:44 -0400
commit412eccbadfbb1521e62ae53db57d782d6bc36993 (patch)
treeb586323b6a88ebb192178eec2c6955db2a1d901a /crypto/asymmetric_keys
parent5ce43ad28262115a1eab866392f8cfb985094160 (diff)
PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1
X.509 certificate issuer and subject fields are mandatory fields in the ASN.1 and so their existence needn't be tested for. They are guaranteed to end up with an empty string if the name material has nothing we can use (see x509_fabricate_name()). Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys')
-rw-r--r--crypto/asymmetric_keys/pkcs7_verify.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 51ff36f3a913..c62cf8006e1f 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
190 if (ret < 0) 190 if (ret < 0)
191 return ret; 191 return ret;
192 192
193 if (x509->issuer) 193 pr_debug("- issuer %s\n", x509->issuer);
194 pr_debug("- issuer %s\n", x509->issuer);
195 if (x509->authority) 194 if (x509->authority)
196 pr_debug("- authkeyid %s\n", x509->authority); 195 pr_debug("- authkeyid %s\n", x509->authority);
197 196
198 if (!x509->authority || 197 if (!x509->authority ||
199 (x509->subject && 198 strcmp(x509->subject, x509->issuer) == 0) {
200 strcmp(x509->subject, x509->issuer) == 0)) {
201 /* If there's no authority certificate specified, then 199 /* If there's no authority certificate specified, then
202 * the certificate must be self-signed and is the root 200 * the certificate must be self-signed and is the root
203 * of the chain. Likewise if the cert is its own 201 * of the chain. Likewise if the cert is its own