From 8dd609805b87923a700a2fad646390a58013cdb9 Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin <d.kasatkin@samsung.com>
Date: Mon, 6 Oct 2014 16:52:12 +0100
Subject: KEYS: use swapped SKID for performing partial matching

Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.

This patch returns back partial matching on SKID.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
 crypto/asymmetric_keys/x509_cert_parser.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'crypto/asymmetric_keys/x509_cert_parser.c')

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 393706f33fa5..a668d90302d3 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -437,9 +437,9 @@ int x509_process_extension(void *context, size_t hdrlen,
 
 		ctx->cert->raw_skid_size = vlen;
 		ctx->cert->raw_skid = v;
-		kid = asymmetric_key_generate_id(v, vlen,
-						 ctx->cert->raw_subject,
-						 ctx->cert->raw_subject_size);
+		kid = asymmetric_key_generate_id(ctx->cert->raw_subject,
+						 ctx->cert->raw_subject_size,
+						 v, vlen);
 		if (IS_ERR(kid))
 			return PTR_ERR(kid);
 		ctx->cert->skid = kid;
@@ -493,9 +493,9 @@ int x509_process_extension(void *context, size_t hdrlen,
 			v += (sub + 2);
 		}
 
-		kid = asymmetric_key_generate_id(v, vlen,
-						 ctx->cert->raw_issuer,
-						 ctx->cert->raw_issuer_size);
+		kid = asymmetric_key_generate_id(ctx->cert->raw_issuer,
+						 ctx->cert->raw_issuer_size,
+						 v, vlen);
 		if (IS_ERR(kid))
 			return PTR_ERR(kid);
 		pr_debug("authkeyid %*phN\n", kid->len, kid->data);
-- 
cgit v1.2.3