From patchwork Wed Feb  7 01:10:12 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 10204401
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	E721D6037E for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed,  7 Feb 2018 01:16:16 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D86CC28D8B
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed,  7 Feb 2018 01:16:16 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id CD3A528D98; Wed,  7 Feb 2018 01:16:16 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7517128D8B
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed,  7 Feb 2018 01:16:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932319AbeBGBQP (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Tue, 6 Feb 2018 20:16:15 -0500
Received: from mail-it0-f66.google.com ([209.85.214.66]:35361 "EHLO
	mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932311AbeBGBQN (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Tue, 6 Feb 2018 20:16:13 -0500
Received: by mail-it0-f66.google.com with SMTP id e1so223820ita.0;
	Tue, 06 Feb 2018 17:16:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=hcfBptVjLBlyI8LbFInjzUAH78hnxzuHFtkFox2CLRQ=;
	b=mqHgkmHaEMMqSN7A0CMCwT/vezUjmXGX97obShrRo+/XQhaWDh9fdRtsxTq3lMckhU
	KEzzZUpbtEjqN0DCC9VUU13nM7uk+z21RMBOJDtmq6bwnyyFwQE6RwquXFGUwXFSLAzD
	BD6CTtSLup4zNqE0rC/46xOga/2KoA1k8M6UHGivCqQkOSx293XC5Y89mpeRaazMfcfN
	5fkVuwQxnMCtR33Dp+ptf39/IYv+PR2faGX3Qc1V5Uht1iJ/UOVf+CYK3N/oRVqkZGU4
	3D2dY0wiPXKNmzs1Wu6kfrmuv+5N6KwmIiPrHMJrKBMwG0olfL4HZ2GVWYJ3dIIEGDG4
	9ZqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=hcfBptVjLBlyI8LbFInjzUAH78hnxzuHFtkFox2CLRQ=;
	b=jmH1gv+ImOnGvskF/2+6oWDdz7XY9uxIjRz24nFMvA8nwRcrjmOUDOkMx7O2gI/fn8
	lZieWJJ9pKuZzHEUtSGDEapWXL6yJfYMjLTbLLzMaB9sn9ePHEeed1gR0zODV4uoelQ2
	i47qwzKp4f3Yhu7tK9f9mf4+TA4l2LVkG+Lzfjb/LwF8skw6mAxaU/Xdf1w8+uR9O4rc
	O0PBGR0Duz0GEgulVZtt7V0itPzbBG8MtVoHgMT5cuLSkjiB4p03gI0DuCxA2nLBmGpI
	2BzSQrV5H/iQnQvKmXOpSzgOO5PnWiXVNSYWCiMpMR9y8iKQwETaIWM0Oc7KzSievDPJ
	SS4Q==
X-Gm-Message-State: APf1xPDG3vFayoCFnxw8qyvScCVCiRukZ62uviO5KirmS0p1eVl9/cBY
	NByZcqvZDHcvAOAryKwJSfR97zY7
X-Google-Smtp-Source: 
 AH8x225EUOaaqkvv7UMmn3X6ZfCjxJGI/V7GGJhryioE4tPKEWUuRCPIG40CSk4TM83U/hNZ/UZvaQ==
X-Received: by 10.36.13.5 with SMTP id 5mr5805809itx.68.1517966173188;
	Tue, 06 Feb 2018 17:16:13 -0800 (PST)
Received: from ebiggers-linuxstation.kir.corp.google.com
	([2620:15c:17:3:dc28:5c82:b905:e8a8])
	by smtp.gmail.com with ESMTPSA id c9sm186364iod.5.2018.02.06.17.16.11
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 06 Feb 2018 17:16:12 -0800 (PST)
From: Eric Biggers <ebiggers3@gmail.com>
To: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, Michael Halcrow <mhalcrow@google.com>,
	Eric Biggers <ebiggers@google.com>
Subject: [PATCH 9/9] X.509: self_signed implies !unsupported_sig
Date: Tue,  6 Feb 2018 17:10:12 -0800
Message-Id: <20180207011012.5928-10-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.16.0.rc1.238.g530d649a79-goog
In-Reply-To: <20180207011012.5928-1-ebiggers3@gmail.com>
References: <20180207011012.5928-1-ebiggers3@gmail.com>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

The self_signed flag on a certificate implies we verified its signature.
Hence, the signature cannot have been unsupported.

Remove the dead code that resulted from this oversight.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/asymmetric_keys/pkcs7_verify.c | 18 +++---------------
 crypto/asymmetric_keys/x509_parser.h  |  2 +-
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index beb47fd2fca5..c23255240b93 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -206,13 +206,10 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
 				 sig->auth_ids[1]->len, sig->auth_ids[1]->data);
 
 		if (x509->self_signed) {
-			/* If there's no authority certificate specified, then
-			 * the certificate must be self-signed and is the root
-			 * of the chain.  Likewise if the cert is its own
-			 * authority.
+			/*
+			 * If the certificate is self-signed, then it is the
+			 * root of the chain.
 			 */
-			if (x509->unsupported_sig)
-				goto unsupported_crypto_in_x509;
 			x509->signer = x509;
 			pr_debug("- self-signed\n");
 			return 0;
@@ -275,15 +272,6 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
 		x509 = p;
 		might_sleep();
 	}
-
-unsupported_crypto_in_x509:
-	/* Just prune the certificate chain at this point if we lack some
-	 * crypto module to go further.  Note, however, we don't want to set
-	 * sinfo->unsupported_crypto as the signed info block may still be
-	 * validatable against an X.509 cert lower in the chain that we have a
-	 * trusted copy of.
-	 */
-	return 0;
 }
 
 /*
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 217341276ae0..1294cc2c855d 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -39,7 +39,7 @@ struct x509_certificate {
 	unsigned	index;
 	bool		seen;			/* Infinite recursion prevention */
 	bool		verified;
-	bool		self_signed;		/* T if self-signed (check unsupported_sig too) */
+	bool		self_signed;		/* T if self-signed */
 	bool		unsupported_sig;	/* T if signature uses unsupported crypto */
 	bool		blacklisted;
 };