Commit 8dd609805b87923a700a2fad646390a58013cdb9
Committed by
David Howells
1 parent
f1b731dbc2
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
KEYS: use swapped SKID for performing partial matching
Earlier KEYS code used pure subject key identifiers (fingerprint) for searching keys. Latest merged code removed that and broke compatibility with integrity subsytem signatures and original format of module signatures. This patch returns back partial matching on SKID. Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: David Howells <dhowells@redhat.com>
Showing 2 changed files with 9 additions and 9 deletions Side-by-side Diff
crypto/asymmetric_keys/x509_cert_parser.c
... | ... | @@ -437,9 +437,9 @@ |
437 | 437 | |
438 | 438 | ctx->cert->raw_skid_size = vlen; |
439 | 439 | ctx->cert->raw_skid = v; |
440 | - kid = asymmetric_key_generate_id(v, vlen, | |
441 | - ctx->cert->raw_subject, | |
442 | - ctx->cert->raw_subject_size); | |
440 | + kid = asymmetric_key_generate_id(ctx->cert->raw_subject, | |
441 | + ctx->cert->raw_subject_size, | |
442 | + v, vlen); | |
443 | 443 | if (IS_ERR(kid)) |
444 | 444 | return PTR_ERR(kid); |
445 | 445 | ctx->cert->skid = kid; |
... | ... | @@ -493,9 +493,9 @@ |
493 | 493 | v += (sub + 2); |
494 | 494 | } |
495 | 495 | |
496 | - kid = asymmetric_key_generate_id(v, vlen, | |
497 | - ctx->cert->raw_issuer, | |
498 | - ctx->cert->raw_issuer_size); | |
496 | + kid = asymmetric_key_generate_id(ctx->cert->raw_issuer, | |
497 | + ctx->cert->raw_issuer_size, | |
498 | + v, vlen); | |
499 | 499 | if (IS_ERR(kid)) |
500 | 500 | return PTR_ERR(kid); |
501 | 501 | pr_debug("authkeyid %*phN\n", kid->len, kid->data); |
crypto/asymmetric_keys/x509_parser.h
... | ... | @@ -19,9 +19,9 @@ |
19 | 19 | struct public_key_signature sig; /* Signature parameters */ |
20 | 20 | char *issuer; /* Name of certificate issuer */ |
21 | 21 | char *subject; /* Name of certificate subject */ |
22 | - struct asymmetric_key_id *id; /* Issuer + serial number */ | |
23 | - struct asymmetric_key_id *skid; /* Subject key identifier */ | |
24 | - struct asymmetric_key_id *authority; /* Authority key identifier */ | |
22 | + struct asymmetric_key_id *id; /* Serial number + issuer */ | |
23 | + struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */ | |
24 | + struct asymmetric_key_id *authority; /* Authority key identifier (optional) */ | |
25 | 25 | struct tm valid_from; |
26 | 26 | struct tm valid_to; |
27 | 27 | const void *tbs; /* Signed data */ |