korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-27 06:04:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
4fc5c74dde
linux/crypto/asymmetric_keys
History
Robbie Harwood 4fc5c74dde verify_pefile: relax wrapper length check 
The PE Format Specification (section "The Attribute Certificate Table
(Image Only)") states that `dwLength` is to be rounded up to 8-byte
alignment when used for traversal.  Therefore, the field is not required
to be an 8-byte multiple in the first place.

Accordingly, pesign has not performed this alignment since version
0.110.  This causes kexec failure on pesign'd binaries with "PEFILE:
Signature wrapper len wrong".  Update the comment and relax the check.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: Eric Biederman <ebiederm@xmission.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
cc: kexec@lists.infradead.org
Link: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only
Link: https://github.com/rhboot/pesign
Link: https://lore.kernel.org/r/20230220171254.592347-2-rharwood@redhat.com/ # v2
2023-03-21 16:23:17 +00:00
..
asymmetric_keys.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
asymmetric_type.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
Kconfig crypto: certs: fix FIPS selftest dependency 2023-02-13 10:00:41 +02:00
Makefile certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
mscode_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7_parser.c pkcs7: support EC-RDSA/streebog in SignerInfo 2022-08-03 23:56:20 +03:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c crypto: certs: fix FIPS selftest dependency 2023-02-13 10:00:41 +02:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs8_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
public_key.c KEYS: asymmetric: Fix ECDSA use via keyctl uapi 2023-02-13 10:11:20 +02:00
restrict.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
selftest.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
signature.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
verify_pefile.c verify_pefile: relax wrapper length check 2023-03-21 16:23:17 +00:00
verify_pefile.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: Support parsing certificate using SM2 algorithm 2022-08-03 23:56:20 +03:00
x509_loader.c wifi: cfg80211: Deduplicate certificate loading 2023-01-19 14:46:45 +01:00
x509_parser.h certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509_public_key.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509.asn1 KEYS: x509: clearly distinguish between key and signature algorithms 2022-03-08 10:33:18 +02:00