X.509: Retain the key verification data

Retain the key verification data (ie. the struct public_key_signature) including the digest and the key identifiers. Note that this means that we need to take a separate copy of the digest in x509_get_sig_params() rather than lumping it in with the crypto layer data. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2016-04-06 16:13:33 +0100
committer: David Howells <dhowells@redhat.com> 2016-04-06 16:13:33 +0100
commit: 77d0910d153a7946df17cc15d3f423e534345f65 (patch)
tree: 2b32d94de42a5a2003b5bd5966e3e73f78d04934 /crypto/asymmetric_keys/pkcs7_trust.c
parent: a022ec02691cf68e1fe237d5f79d54aa95446cc6 (diff)
download: linux-77d0910d153a7946df17cc15d3f423e534345f65.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 7d7a39b47c62..ed8128230dce 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -80,16 +80,16 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
 
 		might_sleep();
 		last = x509;
-		sig = &last->sig;
+		sig = last->sig;
 	}
 
 	/* No match - see if the root certificate has a signer amongst the
 	 * trusted keys.
 	 */
-	if (last && (last->akid_id || last->akid_skid)) {
+	if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
 		key = x509_request_asymmetric_key(trust_keyring,
-						  last->akid_id,
-						  last->akid_skid,
+						  last->sig->auth_ids[0],
+						  last->sig->auth_ids[1],
 						  false);
 		if (!IS_ERR(key)) {
 			x509 = last;
author	David Howells <dhowells@redhat.com>	2016-04-06 16:13:33 +0100
committer	David Howells <dhowells@redhat.com>	2016-04-06 16:13:33 +0100
commit	77d0910d153a7946df17cc15d3f423e534345f65 (patch)
tree	2b32d94de42a5a2003b5bd5966e3e73f78d04934 /crypto/asymmetric_keys/pkcs7_trust.c
parent	a022ec02691cf68e1fe237d5f79d54aa95446cc6 (diff)
download	linux-77d0910d153a7946df17cc15d3f423e534345f65.tar.gz