Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 5ce43ad28262115a1eab866392f8cfb985094160^! / . / crypto / asymmetric_keys / x509_public_key.c
commit5ce43ad28262115a1eab866392f8cfb985094160[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Mon Jul 28 14:11:32 2014 +0100
committerDavid Howells <dhowells@redhat.com>Tue Jul 29 13:07:58 2014 +0100
treeb89fbce6bb60fcd4dcb2102a11cf084fa6375552
parent185de09c6aa9d38ec04e34b2d9a996561963f895 [diff] [blame]
PKCS#7: Use x509_request_asymmetric_key()

pkcs7_request_asymmetric_key() and x509_request_asymmetric_key() do the same
thing, the latter being a copy of the former created by the IMA folks, so drop
the PKCS#7 version as the X.509 location is more general.

Whilst we're at it, rename the arguments of x509_request_asymmetric_key() to
better reflect what the values being passed in are intended to match on an
X.509 cert.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 4ae9822..da1e5fc 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c

@@ -43,35 +43,41 @@
 __setup("ca_keys=", ca_keys_setup);
 #endif
 
-/*
- * Find a key in the given keyring by issuer and authority.
+/**
+ * x509_request_asymmetric_key - Request a key by X.509 certificate params.
+ * @keyring: The keys to search.
+ * @subject: The name of the subject to whom the key belongs.
+ * @key_id: The subject key ID as a hex string.
+ *
+ * Find a key in the given keyring by subject name and key ID.  These might,
+ * for instance, be the issuer name and the authority key ID of an X.509
+ * certificate that needs to be verified.
  */
-static struct key *x509_request_asymmetric_key(struct key *keyring,
-					       const char *signer,
-					       const char *authority)
+struct key *x509_request_asymmetric_key(struct key *keyring,
+					const char *subject,
+					const char *key_id)
 {
 	key_ref_t key;
-	size_t signer_len = strlen(signer), auth_len = strlen(authority);
+	size_t subject_len = strlen(subject), key_id_len = strlen(key_id);
 	char *id;
 
-	/* Construct an identifier. */
-	id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
+	/* Construct an identifier "<subjname>:<keyid>". */
+	id = kmalloc(subject_len + 2 + key_id_len + 1, GFP_KERNEL);
 	if (!id)
 		return ERR_PTR(-ENOMEM);
 
-	memcpy(id, signer, signer_len);
-	id[signer_len + 0] = ':';
-	id[signer_len + 1] = ' ';
-	memcpy(id + signer_len + 2, authority, auth_len);
-	id[signer_len + 2 + auth_len] = 0;
+	memcpy(id, subject, subject_len);
+	id[subject_len + 0] = ':';
+	id[subject_len + 1] = ' ';
+	memcpy(id + subject_len + 2, key_id, key_id_len);
+	id[subject_len + 2 + key_id_len] = 0;
 
 	pr_debug("Look up: \"%s\"\n", id);
 
 	key = keyring_search(make_key_ref(keyring, 1),
 			     &key_type_asymmetric, id);
 	if (IS_ERR(key))
-		pr_debug("Request for module key '%s' err %ld\n",
-			 id, PTR_ERR(key));
+		pr_debug("Request for key '%s' err %ld\n", id, PTR_ERR(key));
 	kfree(id);
 
 	if (IS_ERR(key)) {