| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2018 05:47:58 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: Nayna Jain <nayna@...ux.ibm.com>
cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org,
linux-kernel@...r.kernel.org, zohar@...ux.ibm.com,
dhowells@...hat.com, jforbes@...hat.com,
seth.forshee@...onical.com, kexec@...ts.infradead.org,
keyrings@...r.kernel.org, vgoyal@...hat.com, ebiederm@...ssion.com,
mpe@...erman.id.au, Josh Boyer <jwboyer@...oraproject.org>
Subject: Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot
On Sun, 9 Dec 2018, Nayna Jain wrote:
> +/*
> + * Blacklist an X509 TBS hash.
> + */
> +static __init void uefi_blacklist_x509_tbs(const char *source,
> + const void *data, size_t len)
> +{
> + char *hash, *p;
> +
> + hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
> + if (!hash)
> + return;
> + p = memcpy(hash, "tbs:", 4);
> + p += 4;
> + bin2hex(p, data, len);
> + p += len * 2;
> + *p = 0;
> +
> + mark_hash_blacklisted(hash);
> + kfree(hash);
> +}
> +
> +/*
> + * Blacklist the hash of an executable.
> + */
> +static __init void uefi_blacklist_binary(const char *source,
> + const void *data, size_t len)
> +{
> + char *hash, *p;
> +
> + hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
> + if (!hash)
> + return;
> + p = memcpy(hash, "bin:", 4);
> + p += 4;
> + bin2hex(p, data, len);
> + p += len * 2;
> + *p = 0;
> +
> + mark_hash_blacklisted(hash);
> + kfree(hash);
> +}
>
These could be refactored into one function.
--
James Morris
<jmorris@...ei.org>
Powered by blists - more mailing lists