aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-10-06 11:52:12 -0400
committerDavid Howells <dhowells@redhat.com>2014-10-06 11:56:08 -0400
commit8dd609805b87923a700a2fad646390a58013cdb9 (patch)
treec6f4d35bfbcf6a905054e3448bf54bd3e5f92189 /crypto
parentf1b731dbc2530cab93fcfc5fcb18c9f3a100feeb (diff)
KEYS: use swapped SKID for performing partial matching
Earlier KEYS code used pure subject key identifiers (fingerprint) for searching keys. Latest merged code removed that and broke compatibility with integrity subsytem signatures and original format of module signatures. This patch returns back partial matching on SKID. Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c12
-rw-r--r--crypto/asymmetric_keys/x509_parser.h6
2 files changed, 9 insertions, 9 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 393706f33fa5..a668d90302d3 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -437,9 +437,9 @@ int x509_process_extension(void *context, size_t hdrlen,
437 437
438 ctx->cert->raw_skid_size = vlen; 438 ctx->cert->raw_skid_size = vlen;
439 ctx->cert->raw_skid = v; 439 ctx->cert->raw_skid = v;
440 kid = asymmetric_key_generate_id(v, vlen, 440 kid = asymmetric_key_generate_id(ctx->cert->raw_subject,
441 ctx->cert->raw_subject, 441 ctx->cert->raw_subject_size,
442 ctx->cert->raw_subject_size); 442 v, vlen);
443 if (IS_ERR(kid)) 443 if (IS_ERR(kid))
444 return PTR_ERR(kid); 444 return PTR_ERR(kid);
445 ctx->cert->skid = kid; 445 ctx->cert->skid = kid;
@@ -493,9 +493,9 @@ int x509_process_extension(void *context, size_t hdrlen,
493 v += (sub + 2); 493 v += (sub + 2);
494 } 494 }
495 495
496 kid = asymmetric_key_generate_id(v, vlen, 496 kid = asymmetric_key_generate_id(ctx->cert->raw_issuer,
497 ctx->cert->raw_issuer, 497 ctx->cert->raw_issuer_size,
498 ctx->cert->raw_issuer_size); 498 v, vlen);
499 if (IS_ERR(kid)) 499 if (IS_ERR(kid))
500 return PTR_ERR(kid); 500 return PTR_ERR(kid);
501 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 501 pr_debug("authkeyid %*phN\n", kid->len, kid->data);
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 3f0f0f081621..3dfe6b5d6f0b 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -19,9 +19,9 @@ struct x509_certificate {
19 struct public_key_signature sig; /* Signature parameters */ 19 struct public_key_signature sig; /* Signature parameters */
20 char *issuer; /* Name of certificate issuer */ 20 char *issuer; /* Name of certificate issuer */
21 char *subject; /* Name of certificate subject */ 21 char *subject; /* Name of certificate subject */
22 struct asymmetric_key_id *id; /* Issuer + serial number */ 22 struct asymmetric_key_id *id; /* Serial number + issuer */
23 struct asymmetric_key_id *skid; /* Subject key identifier */ 23 struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
24 struct asymmetric_key_id *authority; /* Authority key identifier */ 24 struct asymmetric_key_id *authority; /* Authority key identifier (optional) */
25 struct tm valid_from; 25 struct tm valid_from;
26 struct tm valid_to; 26 struct tm valid_to;
27 const void *tbs; /* Signed data */ 27 const void *tbs; /* Signed data */