diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-10-05 10:48:33 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-10-05 10:48:33 -0700 |
| commit | 678074f1a8e03598977bdeea10a4ce51c4f4a0c4 (patch) | |
| tree | 7478b8febf1729c0e1985da138c6bec8eba1f846 /lib | |
| parent | 6a74422b9710e987c7d6b85a1ade7330b1e61626 (diff) | |
| parent | 88b4cbcf6b041ae0f2fc8a34554a5b6a83a2b7cd (diff) | |
Merge tag 'integrity-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity updates from Mimi Zohar:
"Just a couple of changes: crypto code cleanup and a IMA xattr bug fix"
* tag 'integrity-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
lib/digsig: Use SHA-1 library instead of crypto_shash
integrity: Select CRYPTO from INTEGRITY_ASYMMETRIC_KEYS
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Kconfig | 3 | ||||
| -rw-r--r-- | lib/digsig.c | 46 |
2 files changed, 7 insertions, 42 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index c483951b624f..e629449dd2a3 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -477,8 +477,7 @@ config MPILIB config SIGNATURE tristate depends on KEYS - select CRYPTO - select CRYPTO_SHA1 + select CRYPTO_LIB_SHA1 select MPILIB help Digital signature verification. Currently only RSA is supported. diff --git a/lib/digsig.c b/lib/digsig.c index 2b36f9cc91e9..9dd319c12c7d 100644 --- a/lib/digsig.c +++ b/lib/digsig.c @@ -18,15 +18,11 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/key.h> -#include <linux/crypto.h> -#include <crypto/hash.h> #include <crypto/sha1.h> #include <keys/user-type.h> #include <linux/mpi.h> #include <linux/digsig.h> -static struct crypto_shash *shash; - static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg, unsigned long msglen, unsigned long modulus_bitlen, @@ -198,12 +194,12 @@ err1: int digsig_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen) { - int err = -ENOMEM; struct signature_hdr *sh = (struct signature_hdr *)sig; - struct shash_desc *desc = NULL; + struct sha1_ctx ctx; unsigned char hash[SHA1_DIGEST_SIZE]; struct key *key; char name[20]; + int err; if (siglen < sizeof(*sh) + 2) return -EINVAL; @@ -230,49 +226,19 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen, return PTR_ERR(key); } - desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash), - GFP_KERNEL); - if (!desc) - goto err; - - desc->tfm = shash; - - crypto_shash_init(desc); - crypto_shash_update(desc, data, datalen); - crypto_shash_update(desc, sig, sizeof(*sh)); - crypto_shash_final(desc, hash); - - kfree(desc); + sha1_init(&ctx); + sha1_update(&ctx, data, datalen); + sha1_update(&ctx, sig, sizeof(*sh)); + sha1_final(&ctx, hash); /* pass signature mpis address */ err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh), hash, sizeof(hash)); -err: key_put(key); return err ? -EINVAL : 0; } EXPORT_SYMBOL_GPL(digsig_verify); -static int __init digsig_init(void) -{ - shash = crypto_alloc_shash("sha1", 0, 0); - if (IS_ERR(shash)) { - pr_err("shash allocation failed\n"); - return PTR_ERR(shash); - } - - return 0; - -} - -static void __exit digsig_cleanup(void) -{ - crypto_free_shash(shash); -} - -module_init(digsig_init); -module_exit(digsig_cleanup); - MODULE_LICENSE("GPL"); |