PKCS#7: Make trust determination dependent on contents of trust keyring
author David Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:14:24 +0000 (16:14 +0100)
committer David Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:14:24 +0000 (16:14 +0100)
commit bda850cd214e90b1be0cc25bc48c4f6ac53eb543
tree acb936239ac766592c557295aec265ec9a2d04fb
parent e68503bd6836ba765dc8e0ee77ea675fedc07e41
PKCS#7: Make trust determination dependent on contents of trust keyring

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>
certs/system_keyring.c
crypto/asymmetric_keys/pkcs7_key_type.c
crypto/asymmetric_keys/pkcs7_parser.h
crypto/asymmetric_keys/pkcs7_trust.c
crypto/asymmetric_keys/verify_pefile.c
crypto/asymmetric_keys/x509_parser.h
include/crypto/pkcs7.h
include/linux/verification.h
kernel/module_signing.c
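
The policy change described in the commit message, as an added userspace model that is not code from this commit or from the kernel: the same chain and keyring are judged first by a per-key flag and then by presence in the supplied trusted ring. All `model_*` names, the key IDs and the sample data are constructed for illustration, and "a key that can verify it" is reduced to a key-ID match instead of a real signature check.

```c
/* Userspace model only: "can verify" is reduced to a key-ID match. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
struct model_key { const char *id; bool flag_trusted; /* stands in for KEY_FLAG_TRUSTED */ };
struct model_ring { const struct model_key *keys; size_t nr; };
struct model_cert { const char *issuer_id; /* ID of the key that signed this cert */ };

static const struct model_key *ring_find(const struct model_ring *r, const char *id)
{
	for (size_t i = 0; r && i < r->nr; i++)
		if (strcmp(r->keys[i].id, id) == 0)
			return &r->keys[i];
	return NULL;
}

/* Before: the verdict follows a flag carried by the verifying key. */
bool trusted_by_flag(const struct model_ring *ring, const struct model_cert *chain, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		const struct model_key *k = ring_find(ring, chain[i].issuer_id);
		if (k)
			return k->flag_trusted;
	}
	return false;
}

/* After: the verdict follows presence in the supplied trusted ring;
 * -ENOKEY when no certificate in the chain links to that ring. */
int trusted_by_ring(const struct model_ring *trusted, const struct model_cert *chain, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (ring_find(trusted, chain[i].issuer_id))
			return 0;
	return -ENOKEY;
}

/* Constructed sample data: leaf <- "intermediate" <- "root-ca". */
static const struct model_cert sample_chain[] = { { "intermediate" }, { "root-ca" } };
static const struct model_key unflagged_root[] = { { "root-ca", false } };
static const struct model_key unrelated[] = { { "other-ca", true } };
const struct model_ring ring_with_root = { unflagged_root, 1 };
const struct model_ring ring_unrelated = { unrelated, 1 };

int main(void)
{
	return trusted_by_flag(&ring_with_root, sample_chain, 2) ? 1 : trusted_by_ring(&ring_with_root, sample_chain, 2);
}
```

In this model a flagged key that sits outside the supplied ring contributes nothing under the ring-based policy, so the caller's choice of keyring is the whole trust decision.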