Re: [PATCH v3 03/10] KEYS: X.509: Parse Basic Constraints for CA

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jarkko Sakkinen <jarkko@kernel.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Eric Snowberg <eric.snowberg@oracle.com>,
	dhowells@redhat.com, dwmw2@infradead.org,
	herbert@gondor.apana.org.au, davem@davemloft.net,
	dmitry.kasatkin@gmail.com, paul@paul-moore.com,
	jmorris@namei.org, serge@hallyn.com, pvorel@suse.cz,
	noodles@fb.com, tiwai@suse.de, kanth.ghatraju@oracle.com,
	konrad.wilk@oracle.com, erpalmer@linux.vnet.ibm.com,
	coxu@redhat.com, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 03/10] KEYS: X.509: Parse Basic Constraints for CA
Date: Wed, 4 Jan 2023 12:29:02 +0000	[thread overview]
Message-ID: <Y7VxDloaHyF8cX5j@kernel.org> (raw)
In-Reply-To: <b0f29738b919e2705d770017f2f1eb0542c2fad4.camel@linux.ibm.com>

On Thu, Dec 15, 2022 at 06:10:04AM -0500, Mimi Zohar wrote:
> > diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
> > index a299c9c56f40..7c5c0ad1c22e 100644
> > --- a/crypto/asymmetric_keys/x509_parser.h
> > +++ b/crypto/asymmetric_keys/x509_parser.h
> > @@ -38,6 +38,7 @@ struct x509_certificate {
> >  	bool		self_signed;		/* T if self-signed (check unsupported_sig too) */
> >  	bool		unsupported_sig;	/* T if signature uses unsupported crypto */
> >  	bool		blacklisted;
> > +	bool		root_ca;		/* T if basic constraints CA is set */
> >  }; 
> 
> The variable "root_ca" should probably be renamed to just "ca", right?

Perhaps is_ca?

BR, Jarkko

next prev parent reply	other threads:[~2023-01-04 12:29 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-14  0:33 [PATCH v3 00/10] Add CA enforcement keyring restrictions Eric Snowberg
2022-12-14  0:33 ` [PATCH v3 01/10] KEYS: Create static version of public_key_verify_signature Eric Snowberg
2023-01-04 11:31   ` Jarkko Sakkinen
2022-12-14  0:33 ` [PATCH v3 02/10] KEYS: Add missing function documentation Eric Snowberg
2023-01-04 11:33   ` Jarkko Sakkinen
2022-12-14  0:33 ` [PATCH v3 03/10] KEYS: X.509: Parse Basic Constraints for CA Eric Snowberg
2022-12-15 11:10   ` Mimi Zohar
2023-01-04 12:29     ` Jarkko Sakkinen [this message]
2023-01-04 20:14       ` Eric Snowberg
2023-01-04 22:38         ` Mimi Zohar
2023-01-04 11:40   ` Jarkko Sakkinen
2022-12-14  0:33 ` [PATCH v3 04/10] KEYS: X.509: Parse Key Usage Eric Snowberg
2022-12-15 11:25   ` Mimi Zohar
2023-01-04 11:43   ` Jarkko Sakkinen
2023-01-04 21:46     ` Eric Snowberg
2022-12-14  0:33 ` [PATCH v3 05/10] KEYS: Introduce a CA endorsed flag Eric Snowberg
2023-01-04 11:45   ` Jarkko Sakkinen
2022-12-14  0:33 ` [PATCH v3 06/10] KEYS: Introduce keyring restriction that validates ca trust Eric Snowberg
2022-12-14  0:33 ` [PATCH v3 07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Eric Snowberg
2022-12-15 10:21   ` Mimi Zohar
2022-12-14  0:33 ` [PATCH v3 08/10] integrity: Use root of trust signature restriction Eric Snowberg
2022-12-14  0:34 ` [PATCH v3 09/10] KEYS: CA link restriction Eric Snowberg
2023-01-04 11:51   ` Jarkko Sakkinen
2023-01-04 11:54     ` Jarkko Sakkinen
2022-12-14  0:34 ` [PATCH v3 10/10] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Eric Snowberg
2022-12-15 10:21 ` [PATCH v3 00/10] Add CA enforcement keyring restrictions Mimi Zohar
2022-12-15 16:26   ` Eric Snowberg
2022-12-15 19:58     ` Mimi Zohar
2022-12-15 20:28       ` Eric Snowberg
2022-12-15 21:03         ` Mimi Zohar
2022-12-15 21:45           ` Eric Snowberg
2022-12-16 14:06             ` Coiby Xu
2022-12-18 12:21               ` Mimi Zohar
2022-12-21 18:27                 ` Eric Snowberg
2022-12-21 19:01                   ` Mimi Zohar
2022-12-22 15:15                     ` Eric Snowberg
2022-12-22 15:41                       ` Mimi Zohar
2022-12-23 16:13                         ` Eric Snowberg
2022-12-23 16:34                           ` Mimi Zohar
2022-12-23 18:17                             ` Eric Snowberg
2022-12-23 19:45                               ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y7VxDloaHyF8cX5j@kernel.org \
    --to=jarkko@kernel.org \
    --cc=coxu@redhat.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=dwmw2@infradead.org \
    --cc=eric.snowberg@oracle.com \
    --cc=erpalmer@linux.vnet.ibm.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jmorris@namei.org \
    --cc=kanth.ghatraju@oracle.com \
    --cc=keyrings@vger.kernel.org \
    --cc=konrad.wilk@oracle.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=noodles@fb.com \
    --cc=paul@paul-moore.com \
    --cc=pvorel@suse.cz \
    --cc=serge@hallyn.com \
    --cc=tiwai@suse.de \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.