KEYS: use swapped SKID for performing partial matching (8dd60980) · Commits · e / devices / android_kernel_fairphone_FP3

crypto/asymmetric_keys/x509_cert_parser.c

+6 −6

Original line number	Original line	Diff line number	Diff line
	@@ -437,9 +437,9 @@ int x509_process_extension(void *context, size_t hdrlen,

	ctx->cert->raw_skid_size = vlen;		ctx->cert->raw_skid_size = vlen;
	ctx->cert->raw_skid = v;		ctx->cert->raw_skid = v;
	kid = asymmetric_key_generate_id(v, vlen,		kid = asymmetric_key_generate_id(ctx->cert->raw_subject,
	ctx->cert->raw_subject,		ctx->cert->raw_subject_size,
	ctx->cert->raw_subject_size);		v, vlen);
	if (IS_ERR(kid))		if (IS_ERR(kid))
	return PTR_ERR(kid);		return PTR_ERR(kid);
	ctx->cert->skid = kid;		ctx->cert->skid = kid;
	@@ -493,9 +493,9 @@ int x509_process_extension(void *context, size_t hdrlen,
	v += (sub + 2);		v += (sub + 2);
	}		}

	kid = asymmetric_key_generate_id(v, vlen,		kid = asymmetric_key_generate_id(ctx->cert->raw_issuer,
	ctx->cert->raw_issuer,		ctx->cert->raw_issuer_size,
	ctx->cert->raw_issuer_size);		v, vlen);
	if (IS_ERR(kid))		if (IS_ERR(kid))
	return PTR_ERR(kid);		return PTR_ERR(kid);
	pr_debug("authkeyid %*phN\n", kid->len, kid->data);		pr_debug("authkeyid %*phN\n", kid->len, kid->data);

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -19,9 +19,9 @@ struct x509_certificate {
	struct public_key_signature sig; /* Signature parameters */		struct public_key_signature sig; /* Signature parameters */
	char issuer; / Name of certificate issuer */		char issuer; / Name of certificate issuer */
	char subject; / Name of certificate subject */		char subject; / Name of certificate subject */
	struct asymmetric_key_id id; / Issuer + serial number */		struct asymmetric_key_id id; / Serial number + issuer */
	struct asymmetric_key_id skid; / Subject key identifier */		struct asymmetric_key_id skid; / Subject + subjectKeyId (optional) */
	struct asymmetric_key_id authority; / Authority key identifier */		struct asymmetric_key_id authority; / Authority key identifier (optional) */
	struct tm valid_from;		struct tm valid_from;
	struct tm valid_to;		struct tm valid_to;
	const void tbs; / Signed data */		const void tbs; / Signed data */

Original line number	Original line	Diff line number	Diff line
	@@ -19,9 +19,9 @@ struct x509_certificate {
	struct public_key_signature sig; /* Signature parameters */		struct public_key_signature sig; /* Signature parameters */
	char issuer; / Name of certificate issuer */		char issuer; / Name of certificate issuer */
	char subject; / Name of certificate subject */		char subject; / Name of certificate subject */
	struct asymmetric_key_id id; / Issuer + serial number */		struct asymmetric_key_id id; / Serial number + issuer */
	struct asymmetric_key_id skid; / Subject key identifier */		struct asymmetric_key_id skid; / Subject + subjectKeyId (optional) */
	struct asymmetric_key_id authority; / Authority key identifier */		struct asymmetric_key_id authority; / Authority key identifier (optional) */
	struct tm valid_from;		struct tm valid_from;
	struct tm valid_to;		struct tm valid_to;
	const void tbs; / Signed data */		const void tbs; / Signed data */