| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Sep 2018 16:31:56 +0800
From: Xiongwei Song <sxwjean@...il.com>
To: dhowells@...hat.com, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Question about pe file verification
Hi,
Some code logic I don't understand about the function pefile_digest_pe_contents
in the file crypto/asymmetric_keys/verify_pefile.c.
At the end of pefile_digest_pe_contents, please see the comment [sxw] below:
static int pefile_digest_pe_contents(const void *pebuf, unsigned int pelen,
struct pefile_context *ctx,
struct shash_desc *desc)
{
unsigned *canon, tmp, loop, i, hashed_bytes;
int ret;
......
[sxw] I assume the image has signed by sbsign tool, there is a certificate
at the end of image file.
if (pelen > hashed_bytes) {
tmp = hashed_bytes + ctx->certs_size;
[sxw] The tmp value is the end of certificate.
ret = crypto_shash_update(desc,
pebuf + hashed_bytes,
[sxw] The data address is the beginning of the
certificate.
Why do we need to hash the
certification data block?
pelen - tmp);
[sxw] However, the data length doesn't include
the certificate,
sometimes it's zero.
if (ret < 0)
return ret;
}
return 0;
}
Is that for a special consider or something else?
Regards,
Xiongwei
Powered by blists - more mailing lists