Hi James,
Here are three miscellaneous fixes:
(1) Fix a panic in some debugging code in PKCS#7. This can only happen by
explicitly inserting a #define DEBUG into the code.
(2) Fix the calculation of the digest length in the PE file parser. This
causes a failure where there should be a success.
(3) Fix the case where an X.509 cert can be added as an asymmetric key to
a trusted keyring with no trust restriction if no AKID is supplied.
Bugs (1) and (2) aren't particularly problematic, but (3) allows a security
check to be bypassed. Bug (3) is added since the 4.6 kernel.
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
at tag:
keys-fixes-20160718
David
---
Lans Zhang (2):
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
pefile: Fix the failure of calculation for digest
Mat Martineau (1):
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs
crypto/asymmetric_keys/mscode_parser.c | 7 ++++++-
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/restrict.c | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
