commit f1b731dbc2530cab93fcfc5fcb18c9f3a100feeb
author Dmitry Kasatkin <d.kasatkin@samsung.com> Mon Oct 06 15:21:05 2014 +0100
committer David Howells <dhowells@redhat.com> Mon Oct 06 15:21:05 2014 +0100
tree b5b02c3fd51b13e11a5212e4b726f5e2df653f8a
parent dd2f6c4481debfa389c1f2b2b1d5bd6449c42611

KEYS: Restore partial ID matching functionality for asymmetric keys

Bring back the functionality whereby an asymmetric key can be matched with a
partial match on one of its IDs.

Whilst we're at it, allow for the possibility of having an increased number of
IDs.

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>

crypto/asymmetric_keys/pkcs7_trust.c

diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index ae47be6..1d29376 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -54,7 +54,8 @@
 		/* Look to see if this certificate is present in the trusted
 		 * keys.
 		 */
-		key = x509_request_asymmetric_key(trust_keyring, x509->id);
+		key = x509_request_asymmetric_key(trust_keyring, x509->id,
+						  false);
 		if (!IS_ERR(key)) {
 			/* One of the X.509 certificates in the PKCS#7 message
 			 * is apparently the same as one we already trust.
@@ -85,7 +86,8 @@
 	 * trusted keys.
 	 */
 	if (last && last->authority) {
-		key = x509_request_asymmetric_key(trust_keyring, last->authority);
+		key = x509_request_asymmetric_key(trust_keyring, last->authority,
+						  false);
 		if (!IS_ERR(key)) {
 			x509 = last;
 			pr_devel("sinfo %u: Root cert %u signer is key %x\n",
@@ -100,7 +102,8 @@
 	 * the signed info directly.
 	 */
 	key = x509_request_asymmetric_key(trust_keyring,
-					  sinfo->signing_cert_id);
+					  sinfo->signing_cert_id,
+					  false);
 	if (!IS_ERR(key)) {
 		pr_devel("sinfo %u: Direct signer is key %x\n",
 			 sinfo->index, key_serial(key));