Code Review
/
kvmfornfv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git]
/
kernel
/
crypto
/
asymmetric_keys
/
pkcs7_trust.c
diff --git
a/kernel/crypto/asymmetric_keys/pkcs7_trust.c
b/kernel/crypto/asymmetric_keys/pkcs7_trust.c
index
1d29376
..
90d6d47
100644
(file)
--- a/
kernel/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/
kernel/crypto/asymmetric_keys/pkcs7_trust.c
@@
-54,7
+54,8
@@
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
/* Look to see if this certificate is present in the trusted
* keys.
*/
/* Look to see if this certificate is present in the trusted
* keys.
*/
- key = x509_request_asymmetric_key(trust_keyring, x509->id,
+ key = x509_request_asymmetric_key(trust_keyring,
+ x509->id, x509->skid,
false);
if (!IS_ERR(key)) {
/* One of the X.509 certificates in the PKCS#7 message
false);
if (!IS_ERR(key)) {
/* One of the X.509 certificates in the PKCS#7 message
@@
-85,8
+86,10
@@
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
/* No match - see if the root certificate has a signer amongst the
* trusted keys.
*/
/* No match - see if the root certificate has a signer amongst the
* trusted keys.
*/
- if (last && last->authority) {
- key = x509_request_asymmetric_key(trust_keyring, last->authority,
+ if (last && (last->akid_id || last->akid_skid)) {
+ key = x509_request_asymmetric_key(trust_keyring,
+ last->akid_id,
+ last->akid_skid,
false);
if (!IS_ERR(key)) {
x509 = last;
false);
if (!IS_ERR(key)) {
x509 = last;
@@
-103,6
+106,7
@@
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
*/
key = x509_request_asymmetric_key(trust_keyring,
sinfo->signing_cert_id,
*/
key = x509_request_asymmetric_key(trust_keyring,
sinfo->signing_cert_id,
+ NULL,
false);
if (!IS_ERR(key)) {
pr_devel("sinfo %u: Direct signer is key %x\n",
false);
if (!IS_ERR(key)) {
pr_devel("sinfo %u: Direct signer is key %x\n",