mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/crypto/asymmetric_keys
History
Robbie Harwood 4fc5c74dde verify_pefile: relax wrapper length check 
The PE Format Specification (section "The Attribute Certificate Table
(Image Only)") states that `dwLength` is to be rounded up to 8-byte
alignment when used for traversal.  Therefore, the field is not required
to be an 8-byte multiple in the first place.

Accordingly, pesign has not performed this alignment since version
0.110.  This causes kexec failure on pesign'd binaries with "PEFILE:
Signature wrapper len wrong".  Update the comment and relax the check.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: Eric Biederman <ebiederm@xmission.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
cc: kexec@lists.infradead.org
Link: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only
Link: https://github.com/rhboot/pesign
Link: https://lore.kernel.org/r/20230220171254.592347-2-rharwood@redhat.com/ # v2
2023-03-21 16:23:17 +00:00
..
asymmetric_keys.h
asymmetric_type.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
Kconfig crypto: certs: fix FIPS selftest dependency 2023-02-13 10:00:41 +02:00
Makefile certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
mscode.asn1
mscode_parser.c
pkcs7.asn1
pkcs7_key_type.c
pkcs7_parser.c pkcs7: support EC-RDSA/streebog in SignerInfo 2022-08-03 23:56:20 +03:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c crypto: certs: fix FIPS selftest dependency 2023-02-13 10:00:41 +02:00
pkcs8.asn1
pkcs8_parser.c
public_key.c KEYS: asymmetric: Fix ECDSA use via keyctl uapi 2023-02-13 10:11:20 +02:00
restrict.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
selftest.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
signature.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
verify_pefile.c verify_pefile: relax wrapper length check 2023-03-21 16:23:17 +00:00
verify_pefile.h
x509.asn1 KEYS: x509: clearly distinguish between key and signature algorithms 2022-03-08 10:33:18 +02:00
x509_akid.asn1
x509_cert_parser.c X.509: Support parsing certificate using SM2 algorithm 2022-08-03 23:56:20 +03:00
x509_loader.c wifi: cfg80211: Deduplicate certificate loading 2023-01-19 14:46:45 +01:00
x509_parser.h certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509_public_key.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00