diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-10-06 15:21:05 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-10-06 15:21:05 +0100 |
commit | f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb (patch) | |
tree | b5b02c3fd51b13e11a5212e4b726f5e2df653f8a /crypto/asymmetric_keys/pkcs7_trust.c | |
parent | dd2f6c4481debfa389c1f2b2b1d5bd6449c42611 (diff) | |
download | linux-stable-f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb.tar.gz linux-stable-f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb.tar.bz2 linux-stable-f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb.zip |
KEYS: Restore partial ID matching functionality for asymmetric keys
Bring back the functionality whereby an asymmetric key can be matched with a
partial match on one of its IDs.
Whilst we're at it, allow for the possibility of having an increased number of
IDs.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7_trust.c')
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_trust.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index ae47be6128c4..1d29376072da 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -54,7 +54,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, /* Look to see if this certificate is present in the trusted * keys. */ - key = x509_request_asymmetric_key(trust_keyring, x509->id); + key = x509_request_asymmetric_key(trust_keyring, x509->id, + false); if (!IS_ERR(key)) { /* One of the X.509 certificates in the PKCS#7 message * is apparently the same as one we already trust. @@ -85,7 +86,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, * trusted keys. */ if (last && last->authority) { - key = x509_request_asymmetric_key(trust_keyring, last->authority); + key = x509_request_asymmetric_key(trust_keyring, last->authority, + false); if (!IS_ERR(key)) { x509 = last; pr_devel("sinfo %u: Root cert %u signer is key %x\n", @@ -100,7 +102,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, * the signed info directly. */ key = x509_request_asymmetric_key(trust_keyring, - sinfo->signing_cert_id); + sinfo->signing_cert_id, + false); if (!IS_ERR(key)) { pr_devel("sinfo %u: Direct signer is key %x\n", sinfo->index, key_serial(key)); |