summaryrefslogtreecommitdiff
path: root/crypto/asymmetric_keys/pkcs7_trust.c
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-10-06 15:21:05 +0100
committerDavid Howells <dhowells@redhat.com>2014-10-06 15:21:05 +0100
commitf1b731dbc2530cab93fcfc5fcb18c9f3a100feeb (patch)
treeb5b02c3fd51b13e11a5212e4b726f5e2df653f8a /crypto/asymmetric_keys/pkcs7_trust.c
parentdd2f6c4481debfa389c1f2b2b1d5bd6449c42611 (diff)
downloadlwn-f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb.tar.gz
lwn-f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb.zip
KEYS: Restore partial ID matching functionality for asymmetric keys
Bring back the functionality whereby an asymmetric key can be matched with a partial match on one of its IDs. Whilst we're at it, allow for the possibility of having an increased number of IDs. Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7_trust.c')
-rw-r--r--crypto/asymmetric_keys/pkcs7_trust.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index ae47be6128c4..1d29376072da 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -54,7 +54,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
/* Look to see if this certificate is present in the trusted
* keys.
*/
- key = x509_request_asymmetric_key(trust_keyring, x509->id);
+ key = x509_request_asymmetric_key(trust_keyring, x509->id,
+ false);
if (!IS_ERR(key)) {
/* One of the X.509 certificates in the PKCS#7 message
* is apparently the same as one we already trust.
@@ -85,7 +86,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
* trusted keys.
*/
if (last && last->authority) {
- key = x509_request_asymmetric_key(trust_keyring, last->authority);
+ key = x509_request_asymmetric_key(trust_keyring, last->authority,
+ false);
if (!IS_ERR(key)) {
x509 = last;
pr_devel("sinfo %u: Root cert %u signer is key %x\n",
@@ -100,7 +102,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
* the signed info directly.
*/
key = x509_request_asymmetric_key(trust_keyring,
- sinfo->signing_cert_id);
+ sinfo->signing_cert_id,
+ false);
if (!IS_ERR(key)) {
pr_devel("sinfo %u: Direct signer is key %x\n",
sinfo->index, key_serial(key));