Google Git
Sign in
linux / linux / kernel / git / dhowells / linux-fs / refs/heads/keys-sig
commitad3043fda39db0361d9601685356db4512e914be[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Wed Apr 06 16:13:34 2016 +0100
committerDavid Howells <dhowells@redhat.com>Wed Apr 06 16:13:34 2016 +0100
tree3c3d8c2db36424117fca5561d27b170fd83e44bf
parent6c2dc5ae4ab719a61d19e8cef082226410b04ff8 [diff]
X.509: Fix self-signed determination

There's a bug in the code determining whether a certificate is self-signed
or not: if they have neither AKID nor SKID then we just assume that the
cert is self-signed, which may not be true.

Fix this by checking that the raw subject name matches the raw issuer name
and that the public key algorithm for the key and signature are both the
same in addition to requiring that the AKID bits match.

Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed
tree: 3c3d8c2db36424117fca5561d27b170fd83e44bf
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS