iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/crypto/asymmetric_keys
History
David Howells 436529562d X.509: Allow X.509 certs to be blacklisted 
Allow X.509 certs to be blacklisted based on their TBSCertificate hash.
This is convenient since we have to determine this anyway to be able to
check the signature on an X.509 certificate.  This is also what UEFI uses
in its blacklist.

If a certificate built into the kernel is blacklisted, something like the
following might then be seen during boot:

	X.509: Cert 123412341234c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 is blacklisted
	Problem loading in-kernel X.509 certificate (-129)

where the hex string shown is the blacklisted hash.

Signed-off-by: David Howells <dhowells@redhat.com>
2017-04-03 16:07:25 +01:00
..
.gitignore
X.509: Add a crypto key parser for binary (DER) X.509 certificates
2012-10-08 13:50:22 +10:30
asymmetric_keys.h
KEYS: Generalise x509_request_asymmetric_key()
2016-04-11 22:41:56 +01:00
asymmetric_type.c
KEYS: Generalise x509_request_asymmetric_key()
2016-04-11 22:41:56 +01:00
Kconfig
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2016-05-30 15:20:18 -07:00
Makefile
X.509: Move the trust validation code out to its own file
2016-04-11 22:42:55 +01:00
mscode_parser.c
pefile: Fix the failure of calculation for digest
2016-07-18 12:19:46 +10:00
mscode.asn1
pefile: Parse the "Microsoft individual code signing" data blob
2014-07-09 14:58:37 +01:00
pkcs7_key_type.c
KEYS: The PKCS#7 test key type should use the secondary keyring
2016-05-11 14:31:55 +01:00
pkcs7_parser.c
KEYS: Generalise system_verify_data() to provide access to internal content
2016-04-06 16:14:24 +01:00
pkcs7_parser.h
PKCS#7: Make trust determination dependent on contents of trust keyring
2016-04-06 16:14:24 +01:00
pkcs7_trust.c
KEYS: Generalise x509_request_asymmetric_key()
2016-04-11 22:41:56 +01:00
pkcs7_verify.c
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
2016-07-18 12:19:44 +10:00
pkcs7.asn1
PKCS#7: Appropriately restrict authenticated attributes and content type
2015-08-12 17:01:01 +01:00
public_key.c
crypto: asymmetric_keys - set error code on failure
2016-12-14 18:33:13 +08:00
restrict.c
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs
2016-07-18 12:19:47 +10:00
signature.c
KEYS: Add identifier pointers to public_key_signature struct
2016-04-06 16:13:33 +01:00
verify_pefile.c
PKCS#7: Make trust determination dependent on contents of trust keyring
2016-04-06 16:14:24 +01:00
verify_pefile.h
KEYS: Generalise system_verify_data() to provide access to internal content
2016-04-06 16:14:24 +01:00
x509_akid.asn1
X.509: Extract both parts of the AuthorityKeyIdentifier
2015-08-07 16:26:13 +01:00
x509_cert_parser.c
X.509: Fix double free in x509_cert_parse() [ver #3]
2016-11-25 12:57:48 +11:00
x509_parser.h
X.509: Allow X.509 certs to be blacklisted
2017-04-03 16:07:25 +01:00
x509_public_key.c
X.509: Allow X.509 certs to be blacklisted
2017-04-03 16:07:25 +01:00
x509.asn1
X.509: Add bits needed for PKCS#7
2014-07-01 16:40:19 +01:00