git.baikalelectronics.ru Git - kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 3 Oct 2014 15:17:02 +0000 (16:17 +0100)
committer	David Howells <dhowells@redhat.com>
	Fri, 3 Oct 2014 15:17:02 +0000 (16:17 +0100)
commit	f9608748a4b59ea7e7287b6b06ed1f92f98914d0
tree	efdec24c56f02377b3edf6660d4775cf0c804e30	tree \| snapshot
parent	e950a77c652d3cc091225a76e0ab9a0e43a8b3ab	commit \| diff

X.509: If available, use the raw subjKeyId to form the key description

Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.

Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>

crypto/asymmetric_keys/x509_cert_parser.c		diff \| blob \| history
crypto/asymmetric_keys/x509_parser.h		diff \| blob \| history
crypto/asymmetric_keys/x509_public_key.c		diff \| blob \| history