OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
a4c6e57f4f
linux/crypto
History
David Howells a4c6e57f4f X.509: Change recorded SKID & AKID to not include Subject or Issuer 
The key identifiers fabricated from an X.509 certificate are currently:

 (A) Concatenation of serial number and issuer

 (B) Concatenation of subject and subjectKeyID (SKID)

When verifying one X.509 certificate with another, the AKID in the target
can be used to match the authoritative certificate.  The AKID can specify
the match in one or both of two ways:

 (1) Compare authorityCertSerialNumber and authorityCertIssuer from the AKID
     to identifier (A) above.

 (2) Compare keyIdentifier from the AKID plus the issuer from the target
     certificate to identifier (B) above.

When verifying a PKCS#7 message, the only available comparison is between
the IssuerAndSerialNumber field and identifier (A) above.

However, a subsequent patch adds CMS support.  Whilst CMS still supports a
match on IssuerAndSerialNumber as for PKCS#7, it also supports an
alternative - which is the SubjectKeyIdentifier field.  This is used to
match to an X.509 certificate on the SKID alone.  No subject information is
available to be used.

To this end change the fabrication of (B) above to be from the X.509 SKID
alone.  The AKID in keyIdentifier form then only matches on that and does
not include the issuer.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-By: David Woodhouse <David.Woodhouse@intel.com>
2015-08-12 17:01:01 +01:00
..
asymmetric_keys X.509: Change recorded SKID & AKID to not include Subject or Issuer 2015-08-12 17:01:01 +01:00
async_tx md/raid5: activate raid6 rmw feature 2015-04-22 08:00:42 +10:00
.gitignore crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files 2015-06-25 23:29:24 +08:00
842.c crypto: 842 - change 842 alg to use software 2015-05-11 15:06:43 +08:00
ablk_helper.c crypto: cryptd - process CRYPTO_ALG_INTERNAL 2015-03-31 21:21:04 +08:00
ablkcipher.c crypto: skcipher - Allow givencrypt to be NULL 2015-06-22 15:49:16 +08:00
aead.c crypto: aead - Add multiple algorithm registration interface 2015-06-03 10:48:35 +08:00
aes_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
af_alg.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
ahash.c crypto: replace scatterwalk_sg_next with sg_next 2015-01-26 11:34:22 +11:00
akcipher.c crypto: akcipher - fix spelling cihper -> cipher 2015-06-25 23:18:32 +08:00
algapi.c crypto: api - Include alignment in crypto_alg_extsize 2015-06-03 10:48:34 +08:00
algboss.c
algif_aead.c crypto: algif_aead - Temporarily disable all AEAD algorithms 2015-06-22 15:49:30 +08:00
algif_hash.c new helper: msg_data_left() 2015-04-11 15:53:35 -04:00
algif_rng.c crypto: algif_rng - Remove obsolete const-removal cast 2015-04-22 09:30:21 +08:00
algif_skcipher.c new helper: msg_data_left() 2015-04-11 15:53:35 -04:00
ansi_cprng.c crypto: ansi_cprng - Convert to new rng interface 2015-04-22 09:30:18 +08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c crypto: api - prevent helper ciphers from being used 2015-03-31 21:21:03 +08:00
arc4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
authenc.c crypto: authenc - Use crypto_aead_set_reqsize helper 2015-05-13 10:31:37 +08:00
authencesn.c crypto: authencesn - Use crypto_aead_set_reqsize helper 2015-05-13 10:31:38 +08:00
blkcipher.c crypto: blkcipher - Include crypto/aead.h 2015-05-13 10:31:34 +08:00
blowfish_common.c
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast_common.c
cbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ccm.c crypto: ccm - Use crypto_aead_set_reqsize helper 2015-05-13 10:31:39 +08:00
chacha20_generic.c crypto: chacha20 - Add a generic ChaCha20 stream cipher implementation 2015-06-04 15:04:49 +08:00
chacha20poly1305.c crypto: poly1305 - Pass key as first two message blocks to each desc_ctx 2015-06-17 15:35:11 +08:00
chainiv.c crypto: chainiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
cipher.c
cmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
compress.c
crc32.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
crc32c_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
crct10dif_common.c
crct10dif_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cryptd.c crypto: cryptd - Convert to new AEAD interface 2015-06-03 10:48:37 +08:00
crypto_null.c crypto: null - Add default null skcipher 2015-05-22 11:25:55 +08:00
crypto_user.c crypto: user - Add CRYPTO_MSG_DELRNG 2015-06-22 15:49:27 +08:00
crypto_wq.c
ctr.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
cts.c crypto: cts - Weed out non-CBC algorithms 2015-01-20 14:44:15 +11:00
deflate.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
drbg.c crypto: drbg - report backend_cra_name when allocation fails 2015-06-11 21:55:28 +08:00
ecb.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
echainiv.c crypto: echainiv - Only hold RNG during initialisation 2015-06-22 15:49:29 +08:00
eseqiv.c crypto: eseqiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
gcm.c crypto: gcm - Convert to new AEAD interface 2015-06-17 15:35:05 +08:00
gf128mul.c
ghash-generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
hash_info.c
hmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
internal.h crypto: api - Remove linux/fips.h from internal.h 2015-04-23 14:18:10 +08:00
jitterentropy-kcapi.c crypto: jitterentropy - avoid compiler warnings 2015-06-25 23:18:32 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
Kconfig crypto: rsa - fix invalid select for AKCIPHER 2015-06-21 19:59:28 +08:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lrw.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
lz4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lz4hc.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lzo.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
Makefile crypto: jitterentropy - avoid compiler warnings 2015-06-25 23:18:32 +08:00
mcryptd.c crypto: mcryptd - process CRYPTO_ALG_INTERNAL 2015-03-31 21:21:13 +08:00
md4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
md5.c crypto: md5 - use md5 IV MD5_HX instead of their raw value 2015-05-18 12:20:18 +08:00
memneq.c
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
pcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
pcompress.c crypto: pcomp - Use crypto_alg_extsize helper 2015-04-21 10:19:55 +08:00
pcrypt.c crypto: pcrypt - Add support for new AEAD interface 2015-06-03 10:48:35 +08:00
poly1305_generic.c crypto: poly1305 - Pass key as first two message blocks to each desc_ctx 2015-06-17 15:35:11 +08:00
proc.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
ripemd.h
rmd128.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rng.c crypto: rng - Do not free default RNG when it becomes unused 2015-06-22 15:49:18 +08:00
rsa_helper.c crypto: rsa - add a new rsa generic implementation 2015-06-17 17:03:53 +08:00
rsa.c crypto: rsa - add a new rsa generic implementation 2015-06-17 17:03:53 +08:00
rsakey.asn1 crypto: rsa - add a new rsa generic implementation 2015-06-17 17:03:53 +08:00
salsa20_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
scatterwalk.c crypto: scatterwalk - Hide PageSlab call to optimise away flush_dcache_page 2015-06-03 10:51:25 +08:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: seqiv - Add compatibility support without RNG 2015-06-22 15:49:28 +08:00
serpent_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha1_generic.c crypto: sha1-generic - move to generic glue implementation 2015-04-10 21:39:40 +08:00
sha256_generic.c crypto: sha256-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
sha512_generic.c crypto: sha512-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
shash.c crypto: shash - Use crypto_alg_extsize helper 2015-04-21 10:19:54 +08:00
tcrypt.c crypto: tcrypt - Fixed AEAD speed test setup 2015-06-18 14:45:33 +08:00
tcrypt.h crypto: tcrypt - Add rfc4309(ccm(aes)) speed test 2015-06-18 14:45:32 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - don't print info about missing test for gcm-aes-aesni 2015-06-25 23:18:33 +08:00
testmgr.h crypto: testmgr - add tests vectors for RSA 2015-06-17 17:03:54 +08:00
tgr192.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
twofish_common.c
twofish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
vmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
wp512.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
xcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
xor.c
xts.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
zlib.c crypto: pcomp - Constify (de)compression parameters 2015-05-01 11:16:37 +08:00