]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
projects / thirdparty / ipxe.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9106130)
[build] Mark MS-CHAPv2 as permitted for UEFI Secure Boot
authorMichael Brown <mcb30@ipxe.org>
Tue, 3 Feb 2026 16:02:19 +0000 (16:02 +0000)
committerMichael Brown <mcb30@ipxe.org>
Tue, 3 Feb 2026 16:02:19 +0000 (16:02 +0000)
MS-CHAPv2 and the underlying DES algorithm are cryptographically
obsolete, but still relatively widely used.  There is no impact to
UEFI Secure Boot from using these obsolete algorithms: the only
untrusted inputs are the username, password, and received network
packets, and all of these are thoroughly validated before use.

Review these files and mark them as permitted for UEFI Secure Boot.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/des.c patch | blob | blame | history
src/crypto/mschapv2.c patch | blob | blame | history
src/include/ipxe/des.h patch | blob | blame | history
src/include/ipxe/mschapv2.h patch | blob | blame | history
src/net/eap_mschapv2.c patch | blob | blame | history

diff --git a/src/crypto/des.c b/src/crypto/des.c
index 206f78d50fac1ef7b5fbfb13eca73d842dabcb11..a7fad9829146383124f2b672fb856d598d84cd1f 100644 (file)
--- a/src/crypto/des.c
+++ b/src/crypto/des.c
@@ -22,6 +22,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 /** @file
  *
diff --git a/src/crypto/mschapv2.c b/src/crypto/mschapv2.c
index ac55fec1706643e4908803e8950452accd619053..f5fc8829c8dd74d66331458e68f9c2e4968247e8 100644 (file)
--- a/src/crypto/mschapv2.c
+++ b/src/crypto/mschapv2.c
@@ -22,6 +22,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 /** @file
  *
diff --git a/src/include/ipxe/des.h b/src/include/ipxe/des.h
index 755a90ea0e37dcfbe1af305ee82a44be71f9bf28..9c1c24e5773efc11e6006415a1a174bd282a54e4 100644 (file)
--- a/src/include/ipxe/des.h
+++ b/src/include/ipxe/des.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/crypto.h>
 
diff --git a/src/include/ipxe/mschapv2.h b/src/include/ipxe/mschapv2.h
index 59cf37eee981d478b6e012e0a5d261d4d074aa51..e39b46335c5af60e524fa4ab54b2e312070d798f 100644 (file)
--- a/src/include/ipxe/mschapv2.h
+++ b/src/include/ipxe/mschapv2.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 #include <stdint.h>
 
diff --git a/src/net/eap_mschapv2.c b/src/net/eap_mschapv2.c
index 0be62ed593c7e5ee88a33bd28c97ddf07e8cd3a9..791fad540106848174d68bef15cd616fa691449f 100644 (file)
--- a/src/net/eap_mschapv2.c
+++ b/src/net/eap_mschapv2.c
@@ -22,6 +22,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 #include <stdlib.h>
 #include <string.h>
Mirror of https://github.com/ipxe/ipxe.git