Robbie Harwood e9424e5234 verify_pefile: relax wrapper length check ... [ Upstream commit 4fc5c74dde ] The PE Format Specification (section "The Attribute Certificate Table (Image Only)") states that `dwLength` is to be rounded up to 8-byte alignment when used for traversal. Therefore, the field is not required to be an 8-byte multiple in the first place. Accordingly, pesign has not performed this alignment since version 0.110. This causes kexec failure on pesign'd binaries with "PEFILE: Signature wrapper len wrong". Update the comment and relax the check. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> cc: Jarkko Sakkinen <jarkko@kernel.org> cc: Eric Biederman <ebiederm@xmission.com> cc: Herbert Xu <herbert@gondor.apana.org.au> cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org cc: kexec@lists.infradead.org Link: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only Link: https://github.com/rhboot/pesign Link: https://lore.kernel.org/r/20230220171254.592347-2-rharwood@redhat.com/ # v2 Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-04-20 12:02:12 +02:00
..
.gitignore
asymmetric_keys.h
asymmetric_type.c
Kconfig	crypto: asymmetric_keys - select CRYPTO_HASH where needed	2019-07-31 07:28:31 +02:00
Makefile
mscode.asn1
mscode_parser.c
pkcs7.asn1
pkcs7_key_type.c	Replace magic for trusting the secondary keyring with #define	2018-09-09 19:55:54 +02:00
pkcs7_parser.c
pkcs7_parser.h
pkcs7_trust.c
pkcs7_verify.c
public_key.c
restrict.c
signature.c
verify_pefile.c	verify_pefile: relax wrapper length check	2023-04-20 12:02:12 +02:00
verify_pefile.h
x509.asn1
x509_akid.asn1
x509_cert_parser.c
x509_parser.h
x509_public_key.c