Commit 8dd609805b87923a700a2fad646390a58013cdb9

Authored by Dmitry Kasatkin
Committed by David Howells
1 parent f1b731dbc2

KEYS: use swapped SKID for performing partial matching

Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsystem signatures and original
format of module signatures.

This patch returns back partial matching on SKID.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>

Showing 2 changed files with 9 additions and 9 deletions

crypto/asymmetric_keys/x509_cert_parser.c
... ... @@ -437,9 +437,9 @@
437 437  
438 438 ctx->cert->raw_skid_size = vlen;
439 439 ctx->cert->raw_skid = v;
440   - kid = asymmetric_key_generate_id(v, vlen,
441   - ctx->cert->raw_subject,
442   - ctx->cert->raw_subject_size);
  440 + kid = asymmetric_key_generate_id(ctx->cert->raw_subject,
  441 + ctx->cert->raw_subject_size,
  442 + v, vlen);
443 443 if (IS_ERR(kid))
444 444 return PTR_ERR(kid);
445 445 ctx->cert->skid = kid;
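Review bot: At the asymmetric_key_generate_id() call that builds ctx->cert->skid, the fix rests entirely on argument order and nothing at the call site says so. Going by the updated comment in x509_parser.h ("Subject + subjectKeyId"), the SKID bytes (v, vlen) now sit at the tail of the generated ID after raw_subject, which is presumably what the partial matching named in the commit message compares against. That matching code is not part of this diff, so the dependency is invisible here. A short comment above the call stating that the SKID must be passed last would keep a later cleanup from swapping the arguments back and silently breaking signature lookup again.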
... ... @@ -493,9 +493,9 @@
493 493 v += (sub + 2);
494 494 }
495 495  
496   - kid = asymmetric_key_generate_id(v, vlen,
497   - ctx->cert->raw_issuer,
498   - ctx->cert->raw_issuer_size);
  496 + kid = asymmetric_key_generate_id(ctx->cert->raw_issuer,
  497 + ctx->cert->raw_issuer_size,
  498 + v, vlen);
499 499 if (IS_ERR(kid))
500 500 return PTR_ERR(kid);
501 501 pr_debug("authkeyid %*phN\n", kid->len, kid->data);
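Review bot: The pr_debug("authkeyid %*phN\n", kid->len, kid->data) line in the trailing context is now misleading: after the argument swap, kid->data begins with raw_issuer and the authority key identifier bytes (v, vlen) appear only at the end of the dump. Either relabel the message to say it prints issuer plus key identifier, or print v/vlen directly, so that someone comparing the log against a certificate's authorityKeyIdentifier while debugging a chain-verification failure does not read the issuer bytes as the key ID. It is good that this call is reordered together with the skid one, since the two IDs have to share a layout to be compared.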
crypto/asymmetric_keys/x509_parser.h
... ... @@ -19,9 +19,9 @@
19 19 struct public_key_signature sig; /* Signature parameters */
20 20 char *issuer; /* Name of certificate issuer */
21 21 char *subject; /* Name of certificate subject */
22   - struct asymmetric_key_id *id; /* Issuer + serial number */
23   - struct asymmetric_key_id *skid; /* Subject key identifier */
24   - struct asymmetric_key_id *authority; /* Authority key identifier */
  22 + struct asymmetric_key_id *id; /* Serial number + issuer */
  23 + struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
  24 + struct asymmetric_key_id *authority; /* Authority key identifier (optional) */
25 25 struct tm valid_from;
26 26 struct tm valid_to;
27 27 const void *tbs; /* Signed data */
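Review bot: The new comment on the authority field only adds "(optional)" and does not document its layout, while the skid comment on the line above does ("Subject + subjectKeyId"). The parser change in this patch builds authority from raw_issuer followed by the key identifier, so something like "Issuer + authorityKeyId (optional)" would make the pairing with skid explicit. Separately, the id comment flips from "Issuer + serial number" to "Serial number + issuer" with no matching code change in this diff; if that is a correction of a stale comment rather than a behaviour change, it is worth saying so in the commit message.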