bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-07-01 23:53:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

PKCS#7: Make trust determination dependent on contents of trust keyring

Browse source 
Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
David Howells 2016-04-06 16:14:24 +01:00
parent e68503bd68
commit bda850cd21
9 changed files with 11 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/linux/verification.h
View file

@ -33,7 +33,6 @@ struct key;
extern int verify_pkcs7_signature(const void *data, size_t len,
const void *raw_pkcs7, size_t pkcs7_len,
struct key *trusted_keys,
int untrusted_error,
enum key_being_used_for usage,
int (*view_content)(void *ctx,
const void *data, size_t len,