pefile: Validate PKCS#7 trust chain

Validate the PKCS#7 trust chain against the contents of the system keyring. Signed-off-by: David Howells <[email protected]> Acked-by: Vivek Goyal <[email protected]>
nelseric · Jul 9, 2014 · 98801c0 · 98801c0
1 parent af316fc
commit 98801c0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
@@ -449,7 +449,7 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
 	if (ret < 0)
 		goto error;
 
-	ret = -ENOANO; // Not yet complete
+	ret = pkcs7_validate_trust(pkcs7, trusted_keyring, _trusted);
 
 error:
 	pkcs7_free_message(ctx.pkcs7);