if (strncmp(str, "id:", 3) == 0) {
struct asymmetric_key_id *p;
- p = asymmetric_key_hex_to_key_id(str);
+ p = asymmetric_key_hex_to_key_id(str + 3);
if (p == ERR_PTR(-EINVAL))
pr_err("Unparsable hex string in ca_keys\n");
else if (!IS_ERR(p))
* x509_request_asymmetric_key - Request a key by X.509 certificate params.
* @keyring: The keys to search.
* @kid: The key ID.
+ * @partial: Use partial match if true, exact if false.
*
* Find a key in the given keyring by subject name and key ID. These might,
* for instance, be the issuer name and the authority key ID of an X.509
* certificate that needs to be verified.
*/
struct key *x509_request_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *kid)
+ const struct asymmetric_key_id *kid,
+ bool partial)
{
key_ref_t key;
char *id, *p;
if (!id)
return ERR_PTR(-ENOMEM);
- *p++ = 'i';
- *p++ = 'd';
+ if (partial) {
+ *p++ = 'i';
+ *p++ = 'd';
+ } else {
+ *p++ = 'e';
+ *p++ = 'x';
+ }
*p++ = ':';
p = bin2hex(p, kid->data, kid->len);
*p = 0;
if (!trust_keyring)
return -EOPNOTSUPP;
- if (ca_keyid && !asymmetric_key_id_same(cert->authority, ca_keyid))
+ if (ca_keyid && !asymmetric_key_id_partial(cert->authority, ca_keyid))
return -EPERM;
- key = x509_request_asymmetric_key(trust_keyring, cert->authority);
+ key = x509_request_asymmetric_key(trust_keyring, cert->authority,
+ false);
if (!IS_ERR(key)) {
if (!use_builtin_keys
|| test_bit(KEY_FLAG_BUILTIN, &key->flags))
/* Propose a description */
sulen = strlen(cert->subject);
- srlen = cert->raw_serial_size;
- q = cert->raw_serial;
+ if (cert->raw_skid) {
+ srlen = cert->raw_skid_size;
+ q = cert->raw_skid;
+ } else {
+ srlen = cert->raw_serial_size;
+ q = cert->raw_serial;
+ }
if (srlen > 1 && *q == 0) {
srlen--;
q++;
projects / firefly-linux-kernel-4.4.55.git / blobdiff