linux/crypto
David Howells 0aa0409401 PEFILE: Relax the check on the length of the PKCS#7 cert
Relax the check on the length of the PKCS#7 cert as it appears that the PE
file wrapper size gets rounded up to the nearest 8.

The debugging output looks like this:

	PEFILE: ==> verify_pefile_signature()
	PEFILE: ==> pefile_parse_binary()
	PEFILE: checksum @ 110
	PEFILE: header size = 200
	PEFILE: cert = 968 @547be0 [68 09 00 00 00 02 02 00 30 82 09 56 ]
	PEFILE: sig wrapper = { 968, 200, 2 }
	PEFILE: Signature data not PKCS#7

The wrapper is the first 8 bytes of the hex dump inside [].  This indicates a
length of 0x968 bytes, including the wrapper header - so 0x960 bytes of
payload.

The ASN.1 wrapper begins [ ... 30 82 09 56 ].  That indicates an object of size
0x956 - a four byte discrepency, presumably just padding for alignment
purposes.

So we just check that the ASN.1 container is no bigger than the payload and
reduce the recorded size appropriately.

Whilst we're at it, allow shorter PKCS#7 objects that manage to squeeze within
127 or 255 bytes.  It's just about conceivable if no X.509 certs are included
in the PKCS#7 message.

Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2014-09-03 10:30:24 +10:00
..
asymmetric_keys PEFILE: Relax the check on the length of the PKCS#7 cert 2014-09-03 10:30:24 +10:00
async_tx Merge commit 'dmaengine-3.13-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine 2013-11-16 12:02:36 +05:30
842.c
ablk_helper.c crypto: ablk_helper - Replace memcpy with struct assignment 2013-10-07 14:16:57 +08:00
ablkcipher.c crypto: skcipher - Use eseqiv even on UP machines 2013-10-30 09:51:45 +08:00
aead.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
aes_generic.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
af_alg.c crypto: af_alg - properly label AF_ALG socket 2014-07-31 21:54:00 +08:00
ahash.c crypto: hash - Add real ahash walk interface 2014-05-21 20:56:12 +08:00
algapi.c crypto: fips - only panic on bad/missing crypto mod signatures 2014-07-03 21:38:32 +08:00
algboss.c crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
algif_hash.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
algif_skcipher.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
ansi_cprng.c crypto: ansi_cprng - Fix off by one error in non-block size request 2013-09-24 06:02:23 +10:00
anubis.c
api.c crypto: api - Fix race condition in larval lookup 2013-09-08 14:33:50 +10:00
arc4.c
authenc.c crypto: authenc - Find proper IV address in ablkcipher callback 2013-11-28 22:16:23 +08:00
authencesn.c crypto: authencesn - Simplify key parsing 2013-10-16 20:56:25 +08:00
blkcipher.c crypto: allow blkcipher walks over AEAD data 2014-03-10 20:17:11 +08:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c crypto: camellia_generic - replace commas by semicolons and adjust code alignment 2013-08-21 21:08:33 +10:00
cast5_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast6_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c
ccm.c crypto: ccm - Fix handling of zero plaintext when computing mac 2013-11-28 22:25:17 +08:00
chainiv.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
cipher.c
cmac.c crypto: add CMAC support to CryptoAPI 2013-04-25 21:01:47 +08:00
compress.c
crc32.c crypto: crc32 - add crc32 pclmulqdq implementation and wrappers for table implementation 2013-01-20 10:16:45 +11:00
crc32c_generic.c CRC32C: Add soft module dependency to load other accelerated crc32c modules 2014-02-25 19:45:04 +08:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
cryptd.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
crypto_null.c crypto: export NULL algorithms defines 2014-03-21 21:54:26 +08:00
crypto_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6 into next 2014-06-07 19:44:40 -07:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
cts.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
deflate.c
des_generic.c crypto: des_3des - add x86-64 assembly implementation 2014-06-20 21:27:58 +08:00
drbg.c crypto: drbg - fix failure of generating multiple of 2**16 bytes 2014-08-01 22:36:14 +08:00
ecb.c
eseqiv.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
fcrypt.c crypto: fcrypt - Fix bitoperation for compilation with clang 2013-09-02 20:32:58 +10:00
fips.c
gcm.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
gf128mul.c
ghash-generic.c
hash_info.c crypto: provide single place for hash algo information 2013-10-25 17:14:03 -04:00
hmac.c
internal.h crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
Kconfig Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2014-08-05 10:05:29 -07:00
khazad.c
krng.c
lrw.c
lz4.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lz4hc.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lzo.c crypto: lzo - use kvfree() helper 2014-06-25 21:51:53 +08:00
Makefile crypto: drbg - Use Kconfig to ensure at least one RNG option is set 2014-07-04 22:15:08 +08:00
md4.c
md5.c
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c
pcbc.c
pcompress.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
pcrypt.c crypto: pcrypt - Fix wrong usage of rcu_dereference() 2013-12-05 21:28:42 +08:00
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
salsa20_generic.c
scatterwalk.c crypto: scatterwalk - Add support for calculating number of SG elements 2013-08-21 21:27:58 +10:00
seed.c
seqiv.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
serpent_generic.c
sha1_generic.c
sha256_generic.c crypto: sha256 - Expose SHA256 generic routine to be callable externally. 2013-04-03 09:06:31 +08:00
sha512_generic.c crypto: sha512_generic - set cra_driver_name 2013-05-28 15:43:04 +08:00
shash.c crypto: LLVMLinux: aligned-attribute.patch 2014-06-07 11:44:39 -07:00
tcrypt.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
tcrypt.h crypto: tcrypt - Added speed tests for AEAD crypto alogrithms in tcrypt test suite 2013-12-20 20:06:25 +08:00
tea.c
testmgr.c crypto: testmgr - add missing spaces to drbg error strings 2014-08-01 22:36:13 +08:00
testmgr.h crypto: testmgr - use chunks smaller than algo block size in chunk tests 2014-08-01 22:36:11 +08:00
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c crypto: vmac - Make VMAC work when blocks aren't aligned 2012-10-15 22:33:20 +08:00
wp512.c
xcbc.c
xor.c add further __init annotations to crypto/xor.c 2012-10-11 13:42:32 +11:00
xts.c
zlib.c initramfs: support initramfs that is bigger than 2GiB 2014-08-08 15:57:26 -07:00