| /linux-6.1.9/crypto/asymmetric_keys/ |
| D | pkcs7_trust.c | 27 struct x509_certificate *x509, *last = NULL, *p; in pkcs7_validate_trust_one() local
38 for (x509 = sinfo->signer; x509; x509 = x509->signer) { in pkcs7_validate_trust_one()
39 if (x509->seen) { in pkcs7_validate_trust_one()
40 if (x509->verified) in pkcs7_validate_trust_one()
45 x509->seen = true; in pkcs7_validate_trust_one()
51 x509->id, x509->skid, NULL, false); in pkcs7_validate_trust_one()
59 sinfo->index, x509->index, key_serial(key)); in pkcs7_validate_trust_one()
68 if (x509->signer == x509) { in pkcs7_validate_trust_one()
74 last = x509; in pkcs7_validate_trust_one()
87 x509 = last; in pkcs7_validate_trust_one()
[all …]
|
| D | pkcs7_verify.c | 161 struct x509_certificate *x509; in pkcs7_find_key() local
166 for (x509 = pkcs7->certs; x509; x509 = x509->next, certix++) { in pkcs7_find_key()
172 if (!asymmetric_key_id_same(x509->id, sinfo->sig->auth_ids[0])) in pkcs7_find_key()
177 sinfo->signer = x509; in pkcs7_find_key()
197 struct x509_certificate *x509 = sinfo->signer, *p; in pkcs7_verify_sig_chain() local
208 x509->subject, in pkcs7_verify_sig_chain()
209 x509->raw_serial_size, x509->raw_serial); in pkcs7_verify_sig_chain()
210 x509->seen = true; in pkcs7_verify_sig_chain()
212 if (x509->blacklisted) { in pkcs7_verify_sig_chain()
217 for (p = sinfo->signer; p != x509; p = p->signer) in pkcs7_verify_sig_chain()
[all …]
|
| D | Makefile | 20 x509.asn1.o \
28 $(obj)/x509.asn1.h \
31 $(obj)/x509.asn1.o: $(obj)/x509.asn1.c $(obj)/x509.asn1.h
|
| D | pkcs7_parser.c | 407 struct x509_certificate *x509; in pkcs7_extract_cert() local
426 x509 = x509_cert_parse(value, vlen); in pkcs7_extract_cert()
427 if (IS_ERR(x509)) in pkcs7_extract_cert()
428 return PTR_ERR(x509); in pkcs7_extract_cert()
430 x509->index = ++ctx->x509_index; in pkcs7_extract_cert()
431 pr_debug("Got cert %u for %s\n", x509->index, x509->subject); in pkcs7_extract_cert()
432 pr_debug("- fingerprint %*phN\n", x509->id->len, x509->id->data); in pkcs7_extract_cert()
434 *ctx->ppcerts = x509; in pkcs7_extract_cert()
435 ctx->ppcerts = &x509->next; in pkcs7_extract_cert()
|
| /linux-6.1.9/certs/ |
| D | extract-cert.c | 83 static void write_cert(X509 *x509) in write_cert() argument
91 X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); in write_cert()
92 ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst); in write_cert()
146 X509 *x509; in main() local
152 x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); in main()
153 if (wb && !x509) { in main()
161 ERR(!x509, "%s", cert_src); in main()
162 write_cert(x509); in main()
|
| D | Makefile | 49 -batch -x509 -config $< \
52 $(obj)/signing_key.pem: $(obj)/x509.genkey FORCE
61 $(obj)/x509.genkey:
66 $(obj)/system_certificates.o: $(obj)/signing_key.x509
70 $(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI)
73 $(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert F…
76 targets += signing_key.x509
|
| D | Kconfig | 66 form of DER-encoded *.x509 files in the top-level build directory,
|
| /linux-6.1.9/scripts/ |
| D | sign-file.c | 180 X509 *x509; in read_x509() local
205 x509 = d2i_X509_bio(b, NULL); in read_x509()
208 x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); in read_x509()
211 ERR(!x509, "%s", x509_name); in read_x509()
213 return x509; in read_x509()
236 X509 *x509; in main() local
305 x509 = read_x509(x509_name); in main()
320 ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, in main()
329 pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, in main()
|
| D | Makefile.modinst | 71 cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \
|
| /linux-6.1.9/tools/testing/selftests/bpf/ |
| D | verify_sig_setup.sh | 39 echo "${x509_genkey_content}" > ${tmp_dir}/x509.genkey
42 -batch -x509 -config ${tmp_dir}/x509.genkey \
46 openssl x509 -in ${tmp_dir}/signing_key.pem -out \
|
| /linux-6.1.9/Documentation/admin-guide/ |
| D | module-signing.rst | 144 certs/x509.genkey
148 It is strongly recommended that you provide your own x509.genkey file.
150 Most notably, in the x509.genkey file, the req_distinguished_name section
165 x509.genkey key generation configuration file in the root node of the Linux
169 openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509 \
170 -config x509.genkey -outform PEM -out kernel_key.pem \
204 keyctl padd asymmetric "" 0x223c7853 <my_public_key.x509
226 kernel-signkey.x509 module.ko
|
| /linux-6.1.9/ |
| D | .gitignore | 146 signing_key.x509
147 x509.genkey
|
| D | Makefile | 1598 certs/x509.genkey \
|
| /linux-6.1.9/tools/certs/ |
| D | print-cert-tbs-hash.sh | 88 openssl x509 -in - -outform DER | \
|
| /linux-6.1.9/include/linux/ |
| D | kernel_read_file.h | 16 id(X509_CERTIFICATE, x509-certificate) \
|
| /linux-6.1.9/net/wireless/ |
| D | Makefile | 37 $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509)
|