2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-28 07:04:00 +08:00
linux-next/crypto/asymmetric_keys
David Howells 0aa0409401 PEFILE: Relax the check on the length of the PKCS#7 cert
Relax the check on the length of the PKCS#7 cert as it appears that the PE
file wrapper size gets rounded up to the nearest 8.

The debugging output looks like this:

	PEFILE: ==> verify_pefile_signature()
	PEFILE: ==> pefile_parse_binary()
	PEFILE: checksum @ 110
	PEFILE: header size = 200
	PEFILE: cert = 968 @547be0 [68 09 00 00 00 02 02 00 30 82 09 56 ]
	PEFILE: sig wrapper = { 968, 200, 2 }
	PEFILE: Signature data not PKCS#7

The wrapper is the first 8 bytes of the hex dump inside [].  This indicates a
length of 0x968 bytes, including the wrapper header - so 0x960 bytes of
payload.

The ASN.1 wrapper begins [ ... 30 82 09 56 ].  That indicates an object of size
0x956 - a four byte discrepency, presumably just padding for alignment
purposes.

So we just check that the ASN.1 container is no bigger than the payload and
reduce the recorded size appropriately.

Whilst we're at it, allow shorter PKCS#7 objects that manage to squeeze within
127 or 255 bytes.  It's just about conceivable if no X.509 certs are included
in the PKCS#7 message.

Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2014-09-03 10:30:24 +10:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: make partial key id matching as a dedicated function 2014-07-17 09:35:16 -04:00
asymmetric_type.c Merge remote-tracking branch 'integrity/next-with-keys' into keys-next 2014-07-22 21:54:43 +01:00
Kconfig Merge branch 'keys-fixes' into keys-next 2014-07-22 21:55:45 +01:00
Makefile pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c pefile: Handle pesign using the wrong OID 2014-07-09 14:58:37 +01:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c PKCS#7: fix sparse non static symbol warning 2014-07-28 14:55:54 +01:00
pkcs7_parser.c PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
pkcs7_parser.h PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
pkcs7_trust.c PKCS#7: Use x509_request_asymmetric_key() 2014-07-29 13:07:58 +01:00
pkcs7_verify.c PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 2014-07-31 14:46:44 +01:00
pkcs7.asn1 PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
public_key.c KEYS: Fix public_key asymmetric key subtype name 2014-09-03 10:27:28 +10:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-11-23 16:18:25 -08:00
signature.c KEYS: Provide signature verification with an asymmetric key 2012-10-08 13:50:15 +10:30
verify_pefile.c PEFILE: Relax the check on the length of the PKCS#7 cert 2014-09-03 10:30:24 +10:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509_cert_parser.c X.509: Export certificate parse and free functions 2014-07-02 22:07:50 +01:00
x509_parser.h X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_public_key.c X.509: Need to export x509_request_asymmetric_key() 2014-08-03 12:54:48 +01:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00