MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,322,153 Commits 589 Branches 4,509 Tags 4.3 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
Other 0.1%
bd117f729d
Go to file
Fan Wu bd117f729d KEYS: X.509: Fix Basic Constraints CA flag parsing 
[ Upstream commit 5851afffe2ab323a53e184ba5a35fddf268f096b ]

Fix the X.509 Basic Constraints CA flag parsing to correctly handle
the ASN.1 DER encoded structure. The parser was incorrectly treating
the length field as the boolean value.

Per RFC 5280 section 4.1, X.509 certificates must use ASN.1 DER encoding.
According to ITU-T X.690, a DER-encoded BOOLEAN is represented as:

Tag (0x01), Length (0x01), Value (0x00 for FALSE, 0xFF for TRUE)

The basicConstraints extension with CA:TRUE is encoded as:

  SEQUENCE (0x30) | Length | BOOLEAN (0x01) | Length (0x01) | Value (0xFF)
                             ^-- v[2]         ^-- v[3]        ^-- v[4]

The parser was checking v[3] (the length field, always 0x01) instead
of v[4] (the actual boolean value, 0xFF for TRUE in DER encoding).

Also handle the case where the extension is an empty SEQUENCE (30 00),
which is valid for CA:FALSE when the default value is omitted as
required by DER encoding rules (X.690 section 11.5).

Per ITU-T X.690-0207:
- Section 11.5: Default values must be omitted in DER
- Section 11.1: DER requires TRUE to be encoded as 0xFF

Link: https://datatracker.ietf.org/doc/html/rfc5280
Link: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
Fixes: 30eae2b037 ("KEYS: X.509: Parse Basic Constraints for CA")
Signed-off-by: Fan Wu <wufan@kernel.org>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-10-15 12:00:18 +02:00
arch sparc: fix accurate exception reporting in copy_{from,to}_user for M7 2025-10-15 12:00:14 +02:00
block block: use int to store blk_stack_limits() return value 2025-10-15 11:59:58 +02:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto KEYS: X.509: Fix Basic Constraints CA flag parsing 2025-10-15 12:00:18 +02:00
Documentation Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram 2025-10-15 12:00:13 +02:00
drivers vhost: vringh: Fix copy_to_iter return value check 2025-10-15 12:00:17 +02:00
fs NFSv4.1: fix backchannel max_resp_sz verification check 2025-10-15 12:00:16 +02:00
include HID: hidraw: tighten ioctl command parsing 2025-10-15 12:00:12 +02:00
init init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD 2025-10-15 11:59:53 +02:00
io_uring io_uring: fix incorrect io_kiocb reference in io_link_skb 2025-09-25 11:13:49 +02:00
ipc ipc: fix to protect IPCS lookups using RCU 2025-06-27 11:11:22 +01:00
kernel bpf: Enforce expected_attach_type for tailcall compatibility 2025-10-15 12:00:04 +02:00
lib lib/sbitmap: convert shallow_depth from one word to the whole sbitmap 2025-08-20 18:30:49 +02:00
LICENSES LICENSES: add 0BSD license text 2024-09-01 20:43:24 -07:00
mm mm: swap: check for stable address space before operating on the VMA 2025-10-06 11:17:52 +02:00
net Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements 2025-10-15 12:00:18 +02:00
rust rust: block: fix srctree/ links 2025-10-12 12:57:16 +02:00
samples ftrace/samples: Fix function size computation 2025-09-19 16:35:44 +02:00
scripts gcc-plugins: Remove TODO_verify_il for GCC >= 16 2025-10-06 11:17:52 +02:00
security lsm: CONFIG_LSM can depend on CONFIG_SECURITY 2025-10-15 11:59:55 +02:00
sound ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback 2025-10-15 12:00:13 +02:00
tools libbpf: Fix error when st-prefix_ops and ops from differ btf 2025-10-15 12:00:04 +02:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-13 13:02:18 +01:00
virt KVM: Allow CPU to reschedule while setting per-page memory attributes 2025-07-17 18:37:08 +02:00
.clang-format clang-format: Update with v6.11-rc1's for_each macro list 2024-08-02 13:20:31 +02:00
.clippy.toml rust: give Clippy the minimum supported Rust version 2025-08-01 09:48:44 +01:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes
.gitignore rust: introduce .clippy.toml 2025-03-13 13:01:42 +01:00
.mailmap mailmap: add entry for Thorsten Blum 2024-11-07 14:14:59 -08:00
.rustfmt.toml
COPYING
CREDITS MAINTAINERS: Remove self from DSA entry 2024-11-03 12:52:38 -08:00
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: Update Alexey Makhalov's email address 2025-05-22 14:29:46 +02:00
Makefile Linux 6.12.52 2025-10-12 12:57:19 +02:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.