summaryrefslogtreecommitdiff
path: root/crypto/asymmetric_keys/x509_cert_parser.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-10-03 19:17:02 +0400
committerDavid Howells <dhowells@redhat.com>2014-10-03 19:17:02 +0400
commitdd2f6c4481debfa389c1f2b2b1d5bd6449c42611 (patch)
treeefdec24c56f02377b3edf6660d4775cf0c804e30 /crypto/asymmetric_keys/x509_cert_parser.c
parent40b50e80c5ca78b3164d79d39b4889c4e58f462e (diff)
downloadlinux-dd2f6c4481debfa389c1f2b2b1d5bd6449c42611.tar.xz
X.509: If available, use the raw subjKeyId to form the key description
Module signing matches keys by comparing against the key description exactly. However, the way the key description gets constructed got changed to be composed of the subject name plus the certificate serial number instead of the subject name and the subjectKeyId. I changed this to avoid problems with certificates that don't *have* a subjectKeyId. Instead, if available, use the raw subjectKeyId to form the key description and only use the serial number if the subjectKeyId doesn't exist. Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/x509_cert_parser.c')
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 96151b2b91a2..393706f33fa5 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -435,6 +435,8 @@ int x509_process_extension(void *context, size_t hdrlen,
v += 2;
vlen -= 2;
+ ctx->cert->raw_skid_size = vlen;
+ ctx->cert->raw_skid = v;
kid = asymmetric_key_generate_id(v, vlen,
ctx->cert->raw_subject,
ctx->cert->raw_subject_size);