OpenCloudOS-Kernel/include/crypto
David Howells 4573b64a31 X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier
If an X.509 certificate has an AuthorityKeyIdentifier extension that provides
an issuer and serialNumber, then make it so that these are used in preference
to the keyIdentifier field also held therein for searching for the signing
certificate.

If both the issuer+serialNumber and the keyIdentifier are supplied, then the
certificate is looked up by the former but the latter is checked as well.  If
the latter doesn't match the subjectKeyIdentifier of the parent certificate,
EKEYREJECTED is returned.

This makes it possible to chain X.509 certificates based on the issuer and
serialNumber fields rather than on subjectKeyIdentifier.  This is necessary as
we are having to deal with keys that are represented by X.509 certificates
that lack a subjectKeyIdentifier.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Vivek Goyal <vgoyal@redhat.com>
2015-08-07 16:26:13 +01:00
..
internal crypto: rng - Do not free default RNG when it becomes unused 2015-06-22 15:49:18 +08:00
ablk_helper.h crypto: create generic version of ablk_helper 2013-09-24 06:02:24 +10:00
aead.h crypto: doc - Fix typo in crypto-API.xml 2015-06-04 15:05:08 +08:00
aes.h crypto: aes - Move key_length in struct crypto_aes_ctx to be the last field 2009-02-18 16:48:04 +08:00
akcipher.h crypto: akcipher - add PKE API 2015-06-17 17:03:14 +08:00
algapi.h crypto: aead - Convert top level interface to new style 2015-05-13 10:31:53 +08:00
authenc.h crypto: authenc - Export key parsing helper function 2013-10-16 20:56:25 +08:00
b128ops.h [CRYPTO] lib: some common 128-bit block operations, nicely centralized 2006-12-06 18:38:55 -08:00
blowfish.h crypto: blowfish - split generic and common c code 2011-09-22 21:25:25 +10:00
cast5.h crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast6.h crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast_common.h crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
compress.h crypto: pcomp - Constify (de)compression parameters 2015-05-01 11:16:37 +08:00
cryptd.h crypto: cryptd - Add missing aead.h inclusion 2015-05-13 10:31:46 +08:00
crypto_wq.h crypto: api - Use dedicated workqueue for crypto subsystem 2009-02-19 14:33:40 +08:00
ctr.h [CRYPTO] ctr: Refactor into ctr and rfc3686 2008-01-11 08:16:41 +11:00
des.h crypto: des_3des - add x86-64 assembly implementation 2014-06-20 21:27:58 +08:00
drbg.h crypto: drbg - reseed often if seedsource is degraded 2015-06-10 19:14:05 +08:00
gf128mul.h Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
hash.h crypto: doc - Fix typo in crypto-API.xml 2015-06-04 15:05:08 +08:00
hash_info.h crypto: provide single place for hash algo information 2013-10-25 17:14:03 -04:00
if_alg.h crypto: af_alg - Allow to link sgl 2015-03-23 16:41:37 -04:00
lrw.h crypto: lrw - add interface for parallelized cipher implementions 2011-11-09 11:50:31 +08:00
mcryptd.h crypto: sha-mb - multibuffer crypto infrastructure 2014-08-25 20:32:25 +08:00
md5.h crypto: md5 - add MD5 initial vectors 2015-05-18 12:20:18 +08:00
null.h crypto: null - Add default null skcipher 2015-05-22 11:25:55 +08:00
padlock.h crypto: padlock - Move padlock.h into include/crypto 2011-01-07 14:52:00 +11:00
pcrypt.h crypto: pcrypt - Add pcrypt crypto parallelization wrapper 2010-01-07 15:57:19 +11:00
pkcs7.h PKCS#7: Find intersection between PKCS#7 message and known, trusted keys 2014-07-08 13:50:15 +01:00
public_key.h X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
rng.h crypto: doc - Fix typo in crypto-API.xml 2015-06-04 15:05:08 +08:00
scatterwalk.h crypto: scatterwalk - Add scatterwalk_ffwd helper 2015-05-22 11:25:50 +08:00
serpent.h crypto: serpent-sse2 - add lrw support 2011-11-21 16:13:24 +08:00
sha.h crypto: sha512-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
sha1_base.h crypto: sha1 - implement base layer for SHA-1 2015-04-10 21:39:39 +08:00
sha256_base.h crypto: sha256 - implement base layer for SHA-256 2015-04-10 21:39:39 +08:00
sha512_base.h crypto: sha512 - implement base layer for SHA-512 2015-04-10 21:39:39 +08:00
skcipher.h crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
twofish.h crypto: twofish-x86_64-3way - add lrw support 2011-11-09 11:53:32 +08:00
vmac.h crypto: vmac - Make VMAC work when blocks aren't aligned 2012-10-15 22:33:20 +08:00
xts.h crypto: xts: add interface for parallelized cipher implementations 2011-11-09 11:56:06 +08:00