lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140731141103.16348.91901.stgit@warthog.procyon.org.uk>
Date:	Thu, 31 Jul 2014 15:11:03 +0100
From:	David Howells <dhowells@...hat.com>
To:	dan.carpenter@...cle.com
Cc:	keyrings@...ux-nfs.org, kexec@...ts.infradead.org,
	linux-kernel@...r.kernel.org, dhowells@...hat.com,
	linux-security-module@...r.kernel.org, vgoyal@...hat.com
Subject: [PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1

issuer and subject are mandatory fields in the ASN.1 and so their existence
needn't be tested for.  They are guaranteed to end up with an empty string if
the name material has nothing we can use (see x509_fabricate_name()).

Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: David Howells <dhowells@...hat.com>
---
 crypto/asymmetric_keys/pkcs7_verify.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 51ff36f3a913..c62cf8006e1f 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
 		if (ret < 0)
 			return ret;
 
-		if (x509->issuer)
-			pr_debug("- issuer %s\n", x509->issuer);
+		pr_debug("- issuer %s\n", x509->issuer);
 		if (x509->authority)
 			pr_debug("- authkeyid %s\n", x509->authority);
 
 		if (!x509->authority ||
-		    (x509->subject &&
-		     strcmp(x509->subject, x509->issuer) == 0)) {
+		    strcmp(x509->subject, x509->issuer) == 0) {
 			/* If there's no authority certificate specified, then
 			 * the certificate must be self-signed and is the root
 			 * of the chain.  Likewise if the cert is its own

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ