Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / dd2f6c4481debfa389c1f2b2b1d5bd6449c42611
commitdd2f6c4481debfa389c1f2b2b1d5bd6449c42611[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Fri Oct 03 16:17:02 2014 +0100
committerDavid Howells <dhowells@redhat.com>Fri Oct 03 16:17:02 2014 +0100
treeefdec24c56f02377b3edf6660d4775cf0c804e30
parent40b50e80c5ca78b3164d79d39b4889c4e58f462e [diff]
X.509: If available, use the raw subjKeyId to form the key description

Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId.  I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.

Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
3 files changed
tree: efdec24c56f02377b3edf6660d4775cf0c804e30
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS