Lukas Wunner a1e452026e X.509: Add missing IMPLICIT annotations to AKID ASN.1 module ... The ASN.1 module in RFC 5280 appendix A.1 uses EXPLICIT TAGS whereas the one in appendix A.2 uses IMPLICIT TAGS. The kernel's simplified asn1_compiler.c always uses EXPLICIT TAGS, hence definitions from appendix A.2 need to be annotated as IMPLICIT for the compiler to generate RFC-compliant code. In particular, GeneralName is defined in appendix A.2: GeneralName ::= CHOICE { otherName [0] OtherName, ... dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ... } Because appendix A.2 uses IMPLICIT TAGS, the IA5String tag (0x16) of a dNSName is not rendered. Instead, the string directly succeeds the [2] tag (0x82). Likewise, the SEQUENCE tag (0x30) of an OtherName is not rendered. Instead, only the constituents of the SEQUENCE are rendered: An OID tag (0x06), a [0] tag (0xa0) and an ANY tag. That's three consecutive tags instead of a single encompassing tag. The situation is different for x400Address and directoryName choices: They reference ORAddress and Name, which are defined in appendix A.1, therefore use EXPLICIT TAGS. The AKID ASN.1 module is missing several IMPLICIT annotations, hence isn't RFC-compliant. In the unlikely event that an AKID contains other elements beside a directoryName, users may see parse errors. Add the missing annotations but do not tag this commit for stable as I am not aware of any issue reports. Fixes are only eligible for stable if they're "obviously correct" and with ASN.1 there's no such thing. Signed-off-by: Lukas Wunner <lukas@wunner.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>		2023-10-05 18:16:30 +08:00
..
asymmetric_keys.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
asymmetric_type.c	KEYS: remove MODULE_LICENSE in non-modules	2023-04-13 13:13:51 -07:00
Kconfig	crypto: certs: fix FIPS selftest dependency	2023-02-13 10:00:41 +02:00
Makefile	certs: Add FIPS selftests	2022-06-21 16:05:12 +01:00
mscode_parser.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
mscode.asn1	pefile: Parse the "Microsoft individual code signing" data blob	2014-07-09 14:58:37 +01:00
pkcs7_key_type.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
pkcs7_parser.c	pkcs7: support EC-RDSA/streebog in SignerInfo	2022-08-03 23:56:20 +03:00
pkcs7_parser.h	crypto: asymmetric_keys: fix some comments in pkcs7_parser.h	2021-01-21 16:16:09 +00:00
pkcs7_trust.c	keys: X.509 public key issuer lookup without AKID	2022-01-09 00:18:42 +02:00
pkcs7_verify.c	asymmetric_keys: log on fatal failures in PE/pkcs7	2023-03-21 16:23:56 +00:00
pkcs7.asn1	PKCS#7: Appropriately restrict authenticated attributes and content type	2015-08-12 17:01:01 +01:00
pkcs8_parser.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
pkcs8.asn1	KEYS: Implement PKCS#8 RSA Private Key parser [ver #2]	2018-10-26 09:30:46 +01:00
public_key.c	KEYS: use kfree_sensitive with key	2023-07-28 18:20:25 +08:00
restrict.c	KEYS: DigitalSignature link restriction	2023-08-17 20:12:20 +00:00
selftest.c	certs: Add FIPS selftests	2022-06-21 16:05:12 +01:00
signature.c	crypto: cleanup comments	2022-03-03 10:49:20 +12:00
verify_pefile.c	KEYS: fix kernel-doc warnings in verify_pefile	2023-07-14 18:23:14 +10:00
verify_pefile.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
x509_akid.asn1	X.509: Add missing IMPLICIT annotations to AKID ASN.1 module	2023-10-05 18:16:30 +08:00
x509_cert_parser.c	KEYS: X.509: Parse Key Usage	2023-04-24 16:15:53 +03:00
x509_loader.c	wifi: cfg80211: Deduplicate certificate loading	2023-01-19 14:46:45 +01:00
x509_parser.h	certs: Add FIPS selftests	2022-06-21 16:05:12 +01:00
x509_public_key.c	X.509: if signature is unsupported skip validation	2023-08-25 18:46:55 +08:00
x509.asn1	KEYS: x509: clearly distinguish between key and signature algorithms	2022-03-08 10:33:18 +02:00