mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-24 11:25:43 +00:00
Code Issues Releases Wiki Activity

KEYS: use swapped SKID for performing partial matching

Browse source 
Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.

This patch returns back partial matching on SKID.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
Dmitry Kasatkin 2014-10-06 16:52:12 +01:00 committed by David Howells
parent f1b731dbc2
commit 8dd609805b
2 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
crypto/asymmetric_keys/x509_cert_parser.c
View file

@ -437,9 +437,9 @@ int x509_process_extension(void *context, size_t hdrlen,
ctx->cert->raw_skid_size = vlen;
ctx->cert->raw_skid = v;
kid = asymmetric_key_generate_id(v, vlen,
ctx->cert->raw_subject,
ctx->cert->raw_subject_size);
kid = asymmetric_key_generate_id(ctx->cert->raw_subject,
ctx->cert->raw_subject_size,
v, vlen);
if (IS_ERR(kid))
return PTR_ERR(kid);
ctx->cert->skid = kid;
@ -493,9 +493,9 @@ int x509_process_extension(void *context, size_t hdrlen,
v += (sub + 2);
}
kid = asymmetric_key_generate_id(v, vlen,
ctx->cert->raw_issuer,
ctx->cert->raw_issuer_size);
kid = asymmetric_key_generate_id(ctx->cert->raw_issuer,
ctx->cert->raw_issuer_size,
v, vlen);
if (IS_ERR(kid))
return PTR_ERR(kid);
pr_debug("authkeyid %*phN\n", kid->len, kid->data);

6
crypto/asymmetric_keys/x509_parser.h
View file

@ -19,9 +19,9 @@ struct x509_certificate {
struct public_key_signature sig; /* Signature parameters */
char *issuer; /* Name of certificate issuer */
char *subject; /* Name of certificate subject */
struct asymmetric_key_id *id; /* Issuer + serial number */
struct asymmetric_key_id *skid; /* Subject key identifier */
struct asymmetric_key_id *authority; /* Authority key identifier */
struct asymmetric_key_id *id; /* Serial number + issuer */
struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
struct asymmetric_key_id *authority; /* Authority key identifier (optional) */
struct tm valid_from;
struct tm valid_to;
const void *tbs; /* Signed data */