PKCS#7: Handle PKCS#7 messages that contain no X.509 certs
authorDavid Howells <dhowells@redhat.com>
Tue, 16 Sep 2014 16:36:17 +0000 (17:36 +0100)
committerDavid Howells <dhowells@redhat.com>
Tue, 16 Sep 2014 16:36:17 +0000 (17:36 +0100)
commit757932e6da6de05b91cc4cb85493b17de48c2667
treead9bf9a2fa35fa4dbb1a4402f1c3d6b092fc7f28
parent41559420003cfe99522257dded7793192c77b4e9
PKCS#7: Handle PKCS#7 messages that contain no X.509 certs

The X.509 certificate list in a PKCS#7 message is optional.  To save space, we
can omit the inclusion of any X.509 certificates if we are sure that we can
look the relevant public key up by the serial number and issuer given in a
signed info block.

This also supports use of a signed info block for which we can't find a
matching X.509 cert in the certificate list, though it be populated.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
crypto/asymmetric_keys/pkcs7_trust.c
crypto/asymmetric_keys/pkcs7_verify.c