asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/crypto/asymmetric_keys
History
Robbie Harwood 96acda7332 verify_pefile: relax wrapper length check 
[ Upstream commit 4fc5c74dde69a7eda172514aaeb5a7df3600adb3 ]

The PE Format Specification (section "The Attribute Certificate Table
(Image Only)") states that `dwLength` is to be rounded up to 8-byte
alignment when used for traversal.  Therefore, the field is not required
to be an 8-byte multiple in the first place.

Accordingly, pesign has not performed this alignment since version
0.110.  This causes kexec failure on pesign'd binaries with "PEFILE:
Signature wrapper len wrong".  Update the comment and relax the check.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: Eric Biederman <ebiederm@xmission.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
cc: kexec@lists.infradead.org
Link: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only
Link: https://github.com/rhboot/pesign
Link: https://lore.kernel.org/r/20230220171254.592347-2-rharwood@redhat.com/ # v2
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-20 12:04:40 +02:00
..
asymmetric_keys.h KEYS: Generalise x509_request_asymmetric_key() 2016-04-11 22:41:56 +01:00
asymmetric_type.c docs: Fix some broken references 2018-06-15 18:10:01 -03:00
Kconfig crypto: asymmetric_keys - select CRYPTO_HASH where needed 2019-07-26 09:14:13 +02:00
Makefile kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_key_type.c Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
pkcs7_parser.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
pkcs7_parser.h PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7_trust.c PKCS#7: fix direct verification of SignerInfo signature 2018-02-22 14:38:33 +00:00
pkcs7_verify.c PKCS#7: fix certificate blacklisting 2018-02-22 14:38:33 +00:00
public_key.c X.509: fix BUG_ON() when hash algorithm is unsupported 2018-02-22 14:38:33 +00:00
restrict.c X.509: fix NULL dereference when restricting key with unsupported_sig 2018-02-22 14:38:34 +00:00
signature.c docs: Fix some broken references 2018-06-15 18:10:01 -03:00
verify_pefile.c verify_pefile: relax wrapper length check 2023-04-20 12:04:40 +02:00
verify_pefile.h KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: unpack RSA signatureValue field from BIT STRING 2018-06-25 12:17:08 -07:00
x509_parser.h X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00
x509_public_key.c X.509: fix comparisons of ->pkey_algo 2017-12-08 15:13:29 +00:00