path: root/patches/verify.patch
--- a/compat/verification/pkcs7_trust.c
+++ b/compat/verification/pkcs7_trust.c
@@ -115,7 +115,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
 	return -ENOKEY;
 
 matched:
-	ret = verify_signature(key, sig);
+	ret = public_key_verify_signature(key->public_key, sig);
 	key_put(key);
 	if (ret < 0) {
 		if (ret == -ENOMEM)
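Review bot: The replacement line `ret = public_key_verify_signature(key->public_key, sig);` dereferences `key->public_key` directly and no longer goes through the dispatch that `verify_signature()` performed, and nothing in the hunk says why that is safe. If the compat `struct key` can ever reach `matched:` with a NULL `public_key`, the fault would land inside the signature check; this cannot be confirmed from the visible lines. Either add a guard before the call, e.g. `if (!key->public_key) { key_put(key); return -ENOKEY; }`, or document the invariant with a comment such as `/* compat keys always carry a public_key, so call the verifier directly */`. pkcs7_validate_trust_one() starts and ends outside the hunk.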
--- a/compat/verification/x509_public_key.c
+++ b/compat/verification/x509_public_key.c
@@ -13,11 +13,8 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/slab.h>
-#include <keys/asymmetric-subtype.h>
-#include <keys/asymmetric-parser.h>
 #include <keys/system_keyring.h>
 #include <crypto/hash.h>
-#include "asymmetric_keys.h"
 #include "x509_parser.h"
 
 /*
@@ -159,6 +156,7 @@ not_self_signed:
 	return 0;
 }
 
+#if 0
 /*
  * Attempt to parse a data blob for a key as an X509 certificate.
  */
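Review bot: The `#if 0` added ahead of the X.509 key-parser comment has no explanation, and its matching `#endif` only appears in the later hunk at the end of the file, so a reader cannot tell what is disabled or why. Annotate the opening with the actual reason, e.g. `#if 0 /* backport: key parser and module init/exit are not built here */`, and label the close as `#endif /* 0 */`. The disabled region also takes `MODULE_DESCRIPTION` and `MODULE_LICENSE("GPL")` with it; presumably the object is linked into a module that declares its own licence, but that is worth confirming.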
@@ -276,3 +274,4 @@ module_exit(x509_key_exit);
 
 MODULE_DESCRIPTION("X.509 certificate parser");
 MODULE_LICENSE("GPL");
+#endif
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -2,5 +2,10 @@
 #ifndef CPTCFG_BPAUTO_PKCS7
 #include_next <crypto/pkcs7.h>
 #else
+#define pkcs7_verify LINUX_BACKPORT(pkcs7_verify)
+#define pkcs7_get_content_data LINUX_BACKPORT(pkcs7_get_content_data)
+#define pkcs7_parse_message LINUX_BACKPORT(pkcs7_parse_message)
+#define pkcs7_free_message LINUX_BACKPORT(pkcs7_free_message)
+#define pkcs7_validate_trust LINUX_BACKPORT(pkcs7_validate_trust)
 #include <crypto/backport-pkcs7.h>
 #endif /* CPTCFG_BPAUTO_PKCS7 */
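Review bot: The five `LINUX_BACKPORT()` renames are added without a comment, and nothing ties the list to the functions the backported PKCS#7 code actually defines. These renames appear to be what keeps the bundled verifier from sharing names with the host kernel's own PKCS#7 implementation. A function added later without a matching `#define` could then clash at link time or resolve to a different implementation than intended, which matters for signature-verification code. Suggest a comment above the block such as `/* every non-static pkcs7_* function built from compat/verification must be renamed here */`. The same applies to the three `x509_*` renames added to compat/verification/x509_parser.h.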
--- a/compat/verification/x509_parser.h
+++ b/compat/verification/x509_parser.h
@@ -13,6 +13,10 @@
 #include <crypto/public_key.h>
 #include <keys/asymmetric-type.h>
 
+#define x509_decode_time LINUX_BACKPORT(x509_decode_time)
+#define x509_cert_parse LINUX_BACKPORT(x509_cert_parse)
+#define x509_free_certificate LINUX_BACKPORT(x509_free_certificate)
+
 struct x509_certificate {
 	struct x509_certificate *next;
 	struct x509_certificate *signer;	/* Certificate that signed this one */
--- a/compat/verification/pkcs7_verify.c
+++ b/compat/verification/pkcs7_verify.c
@@ -150,7 +150,7 @@
 		pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
 			 sinfo->index, certix);
 
-		if (x509->pub->pkey_algo != sinfo->sig->pkey_algo) {
+		if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo)) {
 			pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
 				sinfo->index);
 			continue;
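Review bot: The new condition `if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo))` relies on strcmp's non-zero return meaning "different", which is easy to misread as an equality test in a check that decides whether a certificate may be matched to a signature. Write it as `if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {` so the mismatch intent is explicit. The comparison also assumes both `pkey_algo` strings are non-NULL by this point; the parsers that set them are not visible here, so that should be confirmed or noted in a comment. The enclosing function starts and ends outside the hunk.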