From patchwork Wed Feb 7 01:10:10 2018
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 10204397
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers
To: David Howells, keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, Michael Halcrow, Eric Biggers
Subject: [PATCH 7/9] X.509: remove never-set ->unsupported_key flag
Date: Tue, 6 Feb 2018 17:10:10 -0800
Message-Id: <20180207011012.5928-8-ebiggers3@gmail.com>
In-Reply-To: <20180207011012.5928-1-ebiggers3@gmail.com>
References: <20180207011012.5928-1-ebiggers3@gmail.com>

From: Eric Biggers The X.509 parser is guaranteed to set cert->pub->pkey_algo, since x509_extract_key_data() is a mandatory action in the X.509 ASN.1 grammar, and it returns an error code if an unrecognized AlgorithmIdentifier is given rather than leaving the algorithm as NULL. Therefore, remove the dead code which handled this algorithm being NULL. This results in the ->unsupported_key flag never being set at all, so remove that too. Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/pkcs7_verify.c | 3 --- crypto/asymmetric_keys/x509_parser.h | 1 - crypto/asymmetric_keys/x509_public_key.c | 9 --------- 3 files changed, 13 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index a9e03f5c52e7..beb47fd2fca5 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -196,9 +196,6 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, return 0; } - if (x509->unsupported_key) - goto unsupported_crypto_in_x509; - pr_debug("- issuer %s\n", x509->issuer); sig = x509->sig; if (sig->auth_ids[0]) diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h index e373e7483812..217341276ae0 100644 --- a/crypto/asymmetric_keys/x509_parser.h +++ b/crypto/asymmetric_keys/x509_parser.h @@ -40,7 +40,6 @@ struct x509_certificate { bool seen; /* Infinite recursion prevention */ bool verified; bool self_signed; /* T if self-signed (check unsupported_sig too) */ - bool unsupported_key; /* T if key uses unsupported crypto */ bool unsupported_sig; /* T if signature uses unsupported crypto */ bool blacklisted; }; diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 9338b4558cdc..514007932ec9 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c 
@@ -34,9 +34,6 @@ int x509_get_sig_params(struct x509_certificate *cert) pr_devel("==>%s()\n", __func__); - if (!cert->pub->pkey_algo) - cert->unsupported_key = true; - if (!sig->pkey_algo) cert->unsupported_sig = true; @@ -173,12 +170,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) pr_devel("Cert Issuer: %s\n", cert->issuer); pr_devel("Cert Subject: %s\n", cert->subject); - - if (cert->unsupported_key) { - ret = -ENOPKG; - goto error_free_cert; - } - pr_devel("Cert Key Algo: %s\n", cert->pub->pkey_algo); pr_devel("Cert Valid period: %lld-%lld\n", cert->valid_from, cert->valid_to);
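Review bot: In the pkcs7_verify.c hunk, the removed `goto unsupported_crypto_in_x509;` in pkcs7_verify_sig_chain() was a user of that label, and the hunk does not show whether any other jump to it remains. Please confirm the label still has at least one user after this change so the build does not pick up an unused-label warning; if none remains, the label and its error path should go in this same patch.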
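Review bot: In the x509_get_sig_params() hunk, nothing is left at the call site to record why `cert->pub->pkey_algo` needs no NULL check while `if (!sig->pkey_algo)` directly below still gets one. The guarantee lives only in the commit message (x509_extract_key_data() being a mandatory ASN.1 action that fails on an unrecognized AlgorithmIdentifier), so a one-line comment here naming that function as the source of the invariant would keep a later reader from re-adding the check or, worse, from relaxing the parser without noticing this dependency.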
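Review bot: In the x509_key_preparse() hunk, the removed branch returned -ENOPKG for a certificate with an unsupported key, and the commit message only says x509_extract_key_data() "returns an error code" without saying which one. Since that errno is what callers adding a key now see for this case, please state in the commit message whether it is still -ENOPKG. The context line `pr_devel("Cert Key Algo: %s\n", cert->pub->pkey_algo);` now runs with no preceding guard, so it also relies entirely on the parser invariant.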