|
@@ -108,7 +108,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
|
|
|
static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|
static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|
|
{
|
|
{
|
|
|
struct x509_certificate *cert;
|
|
struct x509_certificate *cert;
|
|
|
- struct tm now;
|
|
|
|
|
size_t srlen, sulen;
|
|
size_t srlen, sulen;
|
|
|
char *desc = NULL;
|
|
char *desc = NULL;
|
|
|
int ret;
|
|
int ret;
|
|
@@ -150,43 +149,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|
|
goto error_free_cert;
|
|
goto error_free_cert;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
|
|
|
|
|
- pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
|
|
|
|
- now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
|
|
|
|
|
- now.tm_hour, now.tm_min, now.tm_sec);
|
|
|
|
|
- if (now.tm_year < cert->valid_from.tm_year ||
|
|
|
|
|
- (now.tm_year == cert->valid_from.tm_year &&
|
|
|
|
|
- (now.tm_mon < cert->valid_from.tm_mon ||
|
|
|
|
|
- (now.tm_mon == cert->valid_from.tm_mon &&
|
|
|
|
|
- (now.tm_mday < cert->valid_from.tm_mday ||
|
|
|
|
|
- (now.tm_mday == cert->valid_from.tm_mday &&
|
|
|
|
|
- (now.tm_hour < cert->valid_from.tm_hour ||
|
|
|
|
|
- (now.tm_hour == cert->valid_from.tm_hour &&
|
|
|
|
|
- (now.tm_min < cert->valid_from.tm_min ||
|
|
|
|
|
- (now.tm_min == cert->valid_from.tm_min &&
|
|
|
|
|
- (now.tm_sec < cert->valid_from.tm_sec
|
|
|
|
|
- ))))))))))) {
|
|
|
|
|
- pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
|
|
|
|
|
- ret = -EKEYREJECTED;
|
|
|
|
|
- goto error_free_cert;
|
|
|
|
|
- }
|
|
|
|
|
- if (now.tm_year > cert->valid_to.tm_year ||
|
|
|
|
|
- (now.tm_year == cert->valid_to.tm_year &&
|
|
|
|
|
- (now.tm_mon > cert->valid_to.tm_mon ||
|
|
|
|
|
- (now.tm_mon == cert->valid_to.tm_mon &&
|
|
|
|
|
- (now.tm_mday > cert->valid_to.tm_mday ||
|
|
|
|
|
- (now.tm_mday == cert->valid_to.tm_mday &&
|
|
|
|
|
- (now.tm_hour > cert->valid_to.tm_hour ||
|
|
|
|
|
- (now.tm_hour == cert->valid_to.tm_hour &&
|
|
|
|
|
- (now.tm_min > cert->valid_to.tm_min ||
|
|
|
|
|
- (now.tm_min == cert->valid_to.tm_min &&
|
|
|
|
|
- (now.tm_sec > cert->valid_to.tm_sec
|
|
|
|
|
- ))))))))))) {
|
|
|
|
|
- pr_warn("Cert %s has expired\n", cert->fingerprint);
|
|
|
|
|
- ret = -EKEYEXPIRED;
|
|
|
|
|
- goto error_free_cert;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
|
|
cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
|
|
|
cert->pub->id_type = PKEY_ID_X509;
|
|
cert->pub->id_type = PKEY_ID_X509;
|
|
|
|
|
|
David Howells