X.509: Retain the key verification data Retain the key verification data (ie. the struct public_key_signature) including the digest and the key identifiers. Note that this means that we need to take a separate copy of the digest in x509_get_sig_params() rather than lumping it in with the crypto layer data. Signed-off-by: David Howells <dhowells@redhat.com>

commit: 77d0910d153a7946df17cc15d3f423e534345f65 [log] [tgz]
author: David Howells <dhowells@redhat.com> Wed Apr 06 16:13:33 2016 +0100
committer: David Howells <dhowells@redhat.com> Wed Apr 06 16:13:33 2016 +0100
tree: 2b32d94de42a5a2003b5bd5966e3e73f78d04934
parent: a022ec02691cf68e1fe237d5f79d54aa95446cc6 [diff] [blame]
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 7d7a39b4..ed81282 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c

@@ -80,16 +80,16 @@
 
 		might_sleep();
 		last = x509;
-		sig = &last->sig;
+		sig = last->sig;
 	}
 
 	/* No match - see if the root certificate has a signer amongst the
 	 * trusted keys.
 	 */
-	if (last && (last->akid_id || last->akid_skid)) {
+	if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
 		key = x509_request_asymmetric_key(trust_keyring,
-						  last->akid_id,
-						  last->akid_skid,
+						  last->sig->auth_ids[0],
+						  last->sig->auth_ids[1],
 						  false);
 		if (!IS_ERR(key)) {
 			x509 = last;
commit	77d0910d153a7946df17cc15d3f423e534345f65	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Wed Apr 06 16:13:33 2016 +0100
committer	David Howells <dhowells@redhat.com>	Wed Apr 06 16:13:33 2016 +0100
tree	2b32d94de42a5a2003b5bd5966e3e73f78d04934
parent	a022ec02691cf68e1fe237d5f79d54aa95446cc6 [diff] [blame]