Searched hist:dd2f6c4481debfa389c1f2b2b1d5bd6449c42611 (Results 1 – 3 of 3) sorted by relevance
| /openbmc/linux/crypto/asymmetric_keys/ |
| H A D | x509_parser.h | diff dd2f6c4481debfa389c1f2b2b1d5bd6449c42611 Fri Oct 03 10:17:02 CDT 2014 David Howells <dhowells@redhat.com> X.509: If available, use the raw subjKeyId to form the key description
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.
Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| H A D | x509_cert_parser.c | diff dd2f6c4481debfa389c1f2b2b1d5bd6449c42611 Fri Oct 03 10:17:02 CDT 2014 David Howells <dhowells@redhat.com> X.509: If available, use the raw subjKeyId to form the key description
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.
Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| H A D | x509_public_key.c | diff dd2f6c4481debfa389c1f2b2b1d5bd6449c42611 Fri Oct 03 10:17:02 CDT 2014 David Howells <dhowells@redhat.com> X.509: If available, use the raw subjKeyId to form the key description
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.
Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|