- 26 Sep, 2013 2 commits
-
-
Committed by David Howells

Modify public_key_verify_signature() so that it now takes a public_key struct rather than a key struct and supply a wrapper that takes a key struct. The wrapper is then used by the asymmetric key subtype and the modified function is used by X.509 self-signature checking and can be used by other things also.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
-
Committed by David Howells

Store public key algo ID in public_key struct for reference purposes. This allows it to be removed from the x509_certificate struct and used to find a default in public_key_verify_signature().

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
-
- 25 Sep, 2013 2 commits
-
-
Committed by David Howells

Move the public-key algorithm pointer array from x509_public_key.c to public_key.c as it isn't X.509 specific.

Note that to make this configure correctly, the public key part must be dependent on the RSA module rather than the other way round. This needs a further patch to make use of the crypto module loading stuff rather than using a fixed table.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
-
Committed by David Howells

Rename the arrays of public key parameters (public key algorithm names, hash algorithm names and ID type names) so that the array name ends in "_name".

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
-
- 10 Oct, 2012 2 commits
-
-
Committed by David Howells

Some debugging printk() calls should've been converted to pr_devel() calls. Do that now.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-
Committed by David Howells

The current choice of lifetime for the autogenerated X.509 of 100 years, putting the validTo date in 2112, causes problems on 32-bit systems where a 32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected.

This can result in something like:

    Loading module verification certificates
    X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired
    MODSIGN: Problem loading in-kernel X.509 certificate (-127)

Or:

    X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid
    MODSIGN: Problem loading in-kernel X.509 certificate (-129)

Instead of turning the dates into time_t values and comparing, turn the system clock and the ASN.1 dates into tm structs and compare those piecemeal instead.

Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-
- 08 Oct, 2012 1 commit
-
-
Committed by David Howells

Add a crypto key parser for binary (DER) encoded X.509 certificates. The certificate is parsed and, if possible, the signature is verified.

An X.509 key can be added like this:

    # keyctl padd crypto bar @s </tmp/x509.cert
    15768135

and displayed like this:

    # cat /proc/keys
    00f09a47 I--Q--- 1 perm 39390000 0 0 asymmetri bar: X509.RSA e9fd6d08 []

Note that this only works with binary certificates. PEM encoded certificates are ignored by the parser.

Note also that the X.509 key ID is not congruent with the PGP key ID, but for the moment, they will match.

If a NULL or "" name is given to add_key(), then the parser will generate a key description from the CertificateSerialNumber and Name fields of the TBSCertificate:

    00aefc4e I--Q--- 1 perm 39390000 0 0 asymmetri bfbc0cd76d050ea4:/C=GB/L=Cambridge/O=Red Hat/CN=kernel key: X509.RSA 0c688c7b []

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-