diff options
author | Doug Ledford <dledford@redhat.com> | 2015-09-25 10:46:07 -0400 |
---|---|---|
committer | Doug Ledford <dledford@redhat.com> | 2015-09-25 10:46:07 -0400 |
commit | a99c59c0accea388f83ea651e90c814aeac04785 (patch) | |
tree | 1d102927807aa7c12a8a66cbb59d6560c6520645 /crypto/asymmetric_keys/pkcs7_trust.c | |
parent | c16e43ca0904ac1f8c20a2c007801d4d69bdb6f7 (diff) | |
parent | 733601f243cfd24755f2c120fb9f9ec284fa5ca1 (diff) | |
download | linux-crypto-a99c59c0accea388f83ea651e90c814aeac04785.tar.gz linux-crypto-a99c59c0accea388f83ea651e90c814aeac04785.zip |
Merge tag 'v4.3-rc2' into k.o/for-4.3-v1
Linux 4.3-rc2
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7_trust.c')
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_trust.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index 1d293760..90d6d479 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -54,7 +54,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, /* Look to see if this certificate is present in the trusted * keys. */ - key = x509_request_asymmetric_key(trust_keyring, x509->id, + key = x509_request_asymmetric_key(trust_keyring, + x509->id, x509->skid, false); if (!IS_ERR(key)) { /* One of the X.509 certificates in the PKCS#7 message @@ -85,8 +86,10 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, /* No match - see if the root certificate has a signer amongst the * trusted keys. */ - if (last && last->authority) { - key = x509_request_asymmetric_key(trust_keyring, last->authority, + if (last && (last->akid_id || last->akid_skid)) { + key = x509_request_asymmetric_key(trust_keyring, + last->akid_id, + last->akid_skid, false); if (!IS_ERR(key)) { x509 = last; @@ -103,6 +106,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, */ key = x509_request_asymmetric_key(trust_keyring, sinfo->signing_cert_id, + NULL, false); if (!IS_ERR(key)) { pr_devel("sinfo %u: Direct signer is key %x\n", |