diff options
| author | David Howells <dhowells@redhat.com> | 2016-04-12 20:10:19 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-04-12 20:10:19 +0100 |
| commit | b6e17c1be75c796b37d01d058ae17387f043e495 (patch) | |
| tree | b28635b7a29c43c9773cecf6f9eca46db5a71ed5 /crypto/asymmetric_keys/pkcs7_trust.c | |
| parent | 6e007f3186e398ec4e3b6d4f1c22740d9dc2715e (diff) | |
| parent | ad3043fda39db0361d9601685356db4512e914be (diff) | |
Merge branch 'keys-sig' into keys-next
These commits do the following:
(1) Retain a signature in an asymmetric-type key and associate with it the
identifiers that will match a key that can be used to verify it.
(2) Differentiate an X.509 cert that cannot be used versus one that cannot
be verified due to unavailable crypto. This is noted in the
structures involved.
(3) Determination of the self-signedness of an X.509 cert is improved to
include checks on the subject/issuer names and the key
algorithm/signature algorithm types.
(4) Self-signed X.509 certificates are consistency checked early on if the
appropriate crypto is available.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7_trust.c')
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_trust.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index 7d7a39b47c62..b9a5487cd82d 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -27,7 +27,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, struct pkcs7_signed_info *sinfo, struct key *trust_keyring) { - struct public_key_signature *sig = &sinfo->sig; + struct public_key_signature *sig = sinfo->sig; struct x509_certificate *x509, *last = NULL, *p; struct key *key; bool trusted; @@ -80,16 +80,16 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, might_sleep(); last = x509; - sig = &last->sig; + sig = last->sig; } /* No match - see if the root certificate has a signer amongst the * trusted keys. */ - if (last && (last->akid_id || last->akid_skid)) { + if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) { key = x509_request_asymmetric_key(trust_keyring, - last->akid_id, - last->akid_skid, + last->sig->auth_ids[0], + last->sig->auth_ids[1], false); if (!IS_ERR(key)) { x509 = last; @@ -105,7 +105,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, * the signed info directly. */ key = x509_request_asymmetric_key(trust_keyring, - sinfo->signing_cert_id, + sinfo->sig->auth_ids[0], NULL, false); if (!IS_ERR(key)) { |