1 files changed, 1 insertions, 80 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index f83300b6e8c1..382ef0d2ff2e 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,60 +18,12 @@
 #include <linux/asn1_decoder.h>
 #include <keys/asymmetric-subtype.h>
 #include <keys/asymmetric-parser.h>
-#include <keys/system_keyring.h>
 #include <crypto/hash.h>
 #include "asymmetric_keys.h"
 #include "public_key.h"
 #include "x509_parser.h"
 /*
- * Find a key in the given keyring by issuer and authority.
- */
-static struct key *x509_request_asymmetric_key(
-        struct key *keyring,
-        const char *signer, size_t signer_len,
-        const char *authority, size_t auth_len)
-{
-        key_ref_t key;
-        char *id;
-        /* Construct an identifier. */
-        id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
-        if (!id)
-                return ERR_PTR(-ENOMEM);
-        memcpy(id, signer, signer_len);
-        id[signer_len + 0] = ':';
-        id[signer_len + 1] = ' ';
-        memcpy(id + signer_len + 2, authority, auth_len);
-        id[signer_len + 2 + auth_len] = 0;
-        pr_debug("Look up: \"%s\"\n", id);
-        key = keyring_search(make_key_ref(keyring, 1),
-                             &key_type_asymmetric, id);
-        if (IS_ERR(key))
-                pr_debug("Request for module key '%s' err %ld\n",
-                         id, PTR_ERR(key));
-        kfree(id);
-        if (IS_ERR(key)) {
-                switch (PTR_ERR(key)) {
-                        /* Hide some search errors */
-                case -EACCES:
-                case -ENOTDIR:
-                case -EAGAIN:
-                        return ERR_PTR(-ENOKEY);
-                default:
-                        return ERR_CAST(key);
-                }
-        }
-        pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
-        return key_ref_to_ptr(key);
-}
-/*
 * Set up the signature parameters in an X.509 certificate.  This involves
 * digesting the signed data and extracting the signature.
 */
@@ -151,33 +103,6 @@ int x509_check_signature(const struct public_key *pub,
 EXPORT_SYMBOL_GPL(x509_check_signature);
 /*
- * Check the new certificate against the ones in the trust keyring.  If one of
- * those is the signing key and validates the new certificate, then mark the
- * new certificate as being trusted.
- *
- * Return 0 if the new certificate was successfully validated, 1 if we couldn't
- * find a matching parent certificate in the trusted list and an error if there
- * is a matching certificate but the signature check fails.
- */
-static int x509_validate_trust(struct x509_certificate *cert,
-                               struct key *trust_keyring)
-{
-        const struct public_key *pk;
-        struct key *key;
-        int ret = 1;
-        key = x509_request_asymmetric_key(trust_keyring,
-                                          cert->issuer, strlen(cert->issuer),
-                                          cert->authority,
-                                          strlen(cert->authority));
-        if (!IS_ERR(key))  {
-                pk = key->payload.data;
-                ret = x509_check_signature(pk, cert);
-        }
-        return ret;
-}
-/*
 * Attempt to parse a data blob for a key as an X509 certificate.
 */
 static int x509_key_preparse(struct key_preparsed_payload *prep)
@@ -230,13 +155,9 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
        /* Check the signature on the key if it appears to be self-signed */
        if (!cert->authority ||
            strcmp(cert->fingerprint, cert->authority) == 0) {
-                ret = x509_check_signature(cert->pub, cert); /* self-signed */
+                ret = x509_check_signature(cert->pub, cert);
                if (ret < 0)
                        goto error_free_cert;
-        } else {
-                ret = x509_validate_trust(cert, system_trusted_keyring);
-                if (!ret)
-                        prep->trusted = 1;
        }
        /* Propose a description */

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index f83300b6e8c1..382ef0d2ff2e 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,60 +18,12 @@
18	#include <linux/asn1_decoder.h>	18	#include <linux/asn1_decoder.h>
19	#include <keys/asymmetric-subtype.h>	19	#include <keys/asymmetric-subtype.h>
20	#include <keys/asymmetric-parser.h>	20	#include <keys/asymmetric-parser.h>
21	#include <keys/system_keyring.h>
22	#include <crypto/hash.h>	21	#include <crypto/hash.h>
23	#include "asymmetric_keys.h"	22	#include "asymmetric_keys.h"
24	#include "public_key.h"	23	#include "public_key.h"
25	#include "x509_parser.h"	24	#include "x509_parser.h"
26		25
27	/*	26	/*
28	* Find a key in the given keyring by issuer and authority.
29	*/
30	static struct key *x509_request_asymmetric_key(
31	struct key *keyring,
32	const char *signer, size_t signer_len,
33	const char *authority, size_t auth_len)
34	{
35	key_ref_t key;
36	char *id;
37
38	/* Construct an identifier. */
39	id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
40	if (!id)
41	return ERR_PTR(-ENOMEM);
42
43	memcpy(id, signer, signer_len);
44	id[signer_len + 0] = ':';
45	id[signer_len + 1] = ' ';
46	memcpy(id + signer_len + 2, authority, auth_len);
47	id[signer_len + 2 + auth_len] = 0;
48
49	pr_debug("Look up: \"%s\"\n", id);
50
51	key = keyring_search(make_key_ref(keyring, 1),
52	&key_type_asymmetric, id);
53	if (IS_ERR(key))
54	pr_debug("Request for module key '%s' err %ld\n",
55	id, PTR_ERR(key));
56	kfree(id);
57
58	if (IS_ERR(key)) {
59	switch (PTR_ERR(key)) {
60	/* Hide some search errors */
61	case -EACCES:
62	case -ENOTDIR:
63	case -EAGAIN:
64	return ERR_PTR(-ENOKEY);
65	default:
66	return ERR_CAST(key);
67	}
68	}
69
70	pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
71	return key_ref_to_ptr(key);
72	}
73
74	/*
75	* Set up the signature parameters in an X.509 certificate. This involves	27	* Set up the signature parameters in an X.509 certificate. This involves
76	* digesting the signed data and extracting the signature.	28	* digesting the signed data and extracting the signature.
77	*/	29	*/
@@ -151,33 +103,6 @@ int x509_check_signature(const struct public_key *pub,
151	EXPORT_SYMBOL_GPL(x509_check_signature);	103	EXPORT_SYMBOL_GPL(x509_check_signature);
152		104
153	/*	105	/*
154	* Check the new certificate against the ones in the trust keyring. If one of
155	* those is the signing key and validates the new certificate, then mark the
156	* new certificate as being trusted.
157	*
158	* Return 0 if the new certificate was successfully validated, 1 if we couldn't
159	* find a matching parent certificate in the trusted list and an error if there
160	* is a matching certificate but the signature check fails.
161	*/
162	static int x509_validate_trust(struct x509_certificate *cert,
163	struct key *trust_keyring)
164	{
165	const struct public_key *pk;
166	struct key *key;
167	int ret = 1;
168
169	key = x509_request_asymmetric_key(trust_keyring,
170	cert->issuer, strlen(cert->issuer),
171	cert->authority,
172	strlen(cert->authority));
173	if (!IS_ERR(key)) {
174	pk = key->payload.data;
175	ret = x509_check_signature(pk, cert);
176	}
177	return ret;
178	}
179
180	/*
181	* Attempt to parse a data blob for a key as an X509 certificate.	106	* Attempt to parse a data blob for a key as an X509 certificate.
182	*/	107	*/
183	static int x509_key_preparse(struct key_preparsed_payload *prep)	108	static int x509_key_preparse(struct key_preparsed_payload *prep)
@@ -230,13 +155,9 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
230	/* Check the signature on the key if it appears to be self-signed */	155	/* Check the signature on the key if it appears to be self-signed */
231	if (!cert->authority \|\|	156	if (!cert->authority \|\|
232	strcmp(cert->fingerprint, cert->authority) == 0) {	157	strcmp(cert->fingerprint, cert->authority) == 0) {
233	ret = x509_check_signature(cert->pub, cert); /* self-signed */	158	ret = x509_check_signature(cert->pub, cert);
234	if (ret < 0)	159	if (ret < 0)
235	goto error_free_cert;	160	goto error_free_cert;
236	} else {
237	ret = x509_validate_trust(cert, system_trusted_keyring);
238	if (!ret)
239	prep->trusted = 1;
240	}	161	}
241		162
242	/* Propose a description */	163	/* Propose a description */