linux/crypto/asymmetric_keys
David Howells 4155942000 PKCS#7: Better handling of unsupported crypto
Provide better handling of unsupported crypto when verifying a PKCS#7 message.
If we can't bridge the gap between a pair of X.509 certs or between a signed
info block and an X.509 cert because it involves some crypto we don't support,
that's not necessarily the end of the world as there may be other points
at which we can intersect with a ring of trusted keys.

Instead, only produce ENOPKG immediately if all the signed info blocks in a
PKCS#7 message require unsupported crypto to bridge to the first X.509 cert.
Otherwise, we defer the generation of ENOPKG until we get ENOKEY during trust
validation.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2014-09-16 17:36:15 +01:00
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: Overhaul key identification when searching for asymmetric keys 2014-09-16 17:36:13 +01:00
asymmetric_type.c KEYS: Overhaul key identification when searching for asymmetric keys 2014-09-16 17:36:13 +01:00
Kconfig Merge branch 'keys-fixes' into keys-next 2014-07-22 21:55:45 +01:00
Makefile pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c pefile: Handle pesign using the wrong OID 2014-07-09 14:58:37 +01:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c KEYS: Remove key_type::match in favour of overriding default by match_preparse 2014-09-16 17:36:06 +01:00
pkcs7_parser.c KEYS: Overhaul key identification when searching for asymmetric keys 2014-09-16 17:36:13 +01:00
pkcs7_parser.h PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
pkcs7_trust.c PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
pkcs7_verify.c PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
pkcs7.asn1 PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
public_key.c keys: change asymmetric keys to use common hash definitions 2013-10-25 17:15:18 -04:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-11-23 16:18:25 -08:00
signature.c KEYS: Set pr_fmt() in asymmetric key signature handling 2014-09-03 11:08:45 +10:00
verify_pefile.c pefile: Validate PKCS#7 trust chain 2014-07-09 14:58:47 +01:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509_cert_parser.c KEYS: Overhaul key identification when searching for asymmetric keys 2014-09-16 17:36:13 +01:00
x509_parser.h PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
x509_public_key.c PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00