diff options
| author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-10-06 16:52:12 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2014-10-06 16:56:08 +0100 |
| commit | 8715e2fc4bb2844dae78ddcdcd070d44b245a22b (patch) | |
| tree | 3e88ff7470ef3e20de1eb7589384e36c8357a02e /crypto/asymmetric_keys/x509_cert_parser.c | |
| parent | 6b78e9ccade294763344d8589255d10469862af2 (diff) | |
| download | linux-crypto-8715e2fc4bb2844dae78ddcdcd070d44b245a22b.tar.gz linux-crypto-8715e2fc4bb2844dae78ddcdcd070d44b245a22b.zip | |
KEYS: use swapped SKID for performing partial matching
Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.
This patch returns back partial matching on SKID.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/x509_cert_parser.c')
| -rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 393706f3..a668d903 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -437,9 +437,9 @@ int x509_process_extension(void *context, size_t hdrlen, ctx->cert->raw_skid_size = vlen; ctx->cert->raw_skid = v; - kid = asymmetric_key_generate_id(v, vlen, - ctx->cert->raw_subject, - ctx->cert->raw_subject_size); + kid = asymmetric_key_generate_id(ctx->cert->raw_subject, + ctx->cert->raw_subject_size, + v, vlen); if (IS_ERR(kid)) return PTR_ERR(kid); ctx->cert->skid = kid; @@ -493,9 +493,9 @@ int x509_process_extension(void *context, size_t hdrlen, v += (sub + 2); } - kid = asymmetric_key_generate_id(v, vlen, - ctx->cert->raw_issuer, - ctx->cert->raw_issuer_size); + kid = asymmetric_key_generate_id(ctx->cert->raw_issuer, + ctx->cert->raw_issuer_size, + v, vlen); if (IS_ERR(kid)) return PTR_ERR(kid); pr_debug("authkeyid %*phN\n", kid->len, kid->data); |