linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-22 16:06:04 -05:00

History

Mickaël Salaün bf21dc591b certs: Make blacklist_vet_description() more strict Before exposing this new key type to user space, make sure that only meaningful blacklisted hashes are accepted. This is also checked for builtin blacklisted hashes, but a following commit make sure that the user will notice (at built time) and will fix the configuration if it already included errors. Check that a blacklist key description starts with a valid prefix and then a valid hexadecimal string. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Eric Snowberg <eric.snowberg@oracle.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20210712170313.884724-4-mic@digikod.net Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>		2022-05-23 18:47:49 +03:00
..
.gitignore	certs: move scripts/extract-cert to certs/	2022-01-08 18:28:21 +09:00
blacklist.c	certs: Make blacklist_vet_description() more strict	2022-05-23 18:47:49 +03:00
blacklist.h
blacklist_hashes.c
blacklist_nohashes.c
common.c
common.h
default_x509.genkey	certs: check-in the default x509 config file	2021-12-11 22:09:14 +09:00
extract-cert.c	certs: move scripts/extract-cert to certs/	2022-01-08 18:28:21 +09:00
Kconfig	certs: move the 'depends on' to the choice of module signing keys	2021-12-11 22:09:14 +09:00
Makefile	certs: simplify empty certs creation in certs/Makefile	2022-03-03 08:18:20 +09:00
revocation_certificates.S
system_certificates.S	certs: include certs/signing_key.x509 unconditionally	2022-03-03 08:16:19 +09:00
system_keyring.c	KEYS: Introduce link restriction for machine keys	2022-03-08 13:55:52 +02:00