Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 412eccba authored by David Howells's avatar David Howells
Browse files

PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 



X.509 certificate issuer and subject fields are mandatory fields in the ASN.1
and so their existence needn't be tested for.  They are guaranteed to end up
with an empty string if the name material has nothing we can use (see
x509_fabricate_name()).

Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarVivek Goyal <vgoyal@redhat.com>
parent 5ce43ad2

crypto/asymmetric_keys/pkcs7_verify.c

+2 −4
Original line number Diff line number Diff line
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, 
		if (ret < 0)

			return ret;



		if (x509->issuer)

		pr_debug("- issuer %s\n", x509->issuer);

		if (x509->authority)

			pr_debug("- authkeyid %s\n", x509->authority);



		if (!x509->authority ||

		    (x509->subject &&

		     strcmp(x509->subject, x509->issuer) == 0)) {

		    strcmp(x509->subject, x509->issuer) == 0) {

			/* If there's no authority certificate specified, then

			 * the certificate must be self-signed and is the root

			 * of the chain.  Likewise if the cert is its own