X.509: Retain the key verification data

Retain the key verification data (ie. the struct public_key_signature)
including the digest and the key identifiers.

Note that this means that we need to take a separate copy of the digest in
x509_get_sig_params() rather than lumping it in with the crypto layer data.

Signed-off-by: David Howells <dhowells@redhat.com>

1 files changed, 1 insertions, 3 deletions

diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index dbeed6018e63..26a4d83e4e6d 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -17,13 +17,11 @@ struct x509_certificate {
         struct x509_certificate *next;
         struct x509_certificate *signer;        /* Certificate that signed this one */
         struct public_key *pub;                 /* Public key details */
-        struct public_key_signature sig;        /* Signature parameters */
+        struct public_key_signature *sig;       /* Signature parameters */
         char            *issuer;                /* Name of certificate issuer */
         char            *subject;               /* Name of certificate subject */
         struct asymmetric_key_id *id;           /* Issuer + Serial number */
         struct asymmetric_key_id *skid;         /* Subject + subjectKeyId (optional) */
-        struct asymmetric_key_id *akid_id;      /* CA AuthKeyId matching ->id (optional) */
-        struct asymmetric_key_id *akid_skid;    /* CA AuthKeyId matching ->skid (optional) */
         time64_t        valid_from;
         time64_t        valid_to;
         const void      *tbs;                   /* Signed data */