Message ID | 20220111180318.591029-10-roberto.sassu@huawei.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show |
Series | KEYS: Add support for PGP keys and signatures | expand |
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 84cefe3b3585..f1ad1862ee9d 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -97,8 +97,14 @@ int restrict_link_by_signature(struct key *dest_keyring, key = find_asymmetric_key(trust_keyring, sig->auth_ids[0], sig->auth_ids[1], false); - if (IS_ERR(key)) - return -ENOKEY; + if (IS_ERR(key)) { + /* Retry with a partial ID. */ + key = find_asymmetric_key(trust_keyring, + sig->auth_ids[0], sig->auth_ids[1], + true); + if (IS_ERR(key)) + return -ENOKEY; + } if (use_builtin_keys && !test_bit(KEY_FLAG_BUILTIN, &key->flags)) ret = -ENOKEY;
Retry asymmetric key search in restrict_link_by_signature() to support the case of partial IDs, provided by PGP signatures (only the last 8 bytes). Although recently draft-ietf-openpgp-rfc4880bis-10 supports the signature subpacket type 33, which contains the full issuer fingerprint, we cannot rely on existing signatures to support it. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- crypto/asymmetric_keys/restrict.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)