Message ID | f576845f68f6e3fdc9c593cbe9a83f0b0a866df4.1512667523.git.joseph.salisbury@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Xenial,1/1] integrity: convert digsig to akcipher api | expand |
On 07.12.2017 19:37, Joseph Salisbury wrote: > From: Tadeusz Struk <tadeusz.struk@intel.com> > > BugLink: http://bugs.launchpad.net/bugs/1735977 > > Convert asymmetric_verify to akcipher api. > > Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> > Acked-by: Herbert Xu <herbert@gondor.apana.org.au> > Signed-off-by: David Howells <dhowells@redhat.com> > (cherry picked from commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > security/integrity/Kconfig | 1 + > security/integrity/digsig_asymmetric.c | 10 +++------- > 2 files changed, 4 insertions(+), 7 deletions(-) > > diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig > index 73c457b..f0b2463 100644 > --- a/security/integrity/Kconfig > +++ b/security/integrity/Kconfig > @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS > select ASYMMETRIC_KEY_TYPE > select ASYMMETRIC_PUBLIC_KEY_SUBTYPE > select PUBLIC_KEY_ALGO_RSA > + select CRYPTO_RSA > select X509_CERTIFICATE_PARSER > help > This option enables digital signature verification using > diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c > index 5ade2a7..2fa3bc6 100644 > --- a/security/integrity/digsig_asymmetric.c > +++ b/security/integrity/digsig_asymmetric.c > @@ -106,13 +106,9 @@ int asymmetric_verify(struct key *keyring, const char *sig, > pks.pkey_hash_algo = hdr->hash_algo; > pks.digest = (u8 *)data; > pks.digest_size = datalen; > - pks.nr_mpi = 1; > - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); > - > - if (pks.rsa.s) > - ret = verify_signature(key, &pks); > - > - mpi_free(pks.rsa.s); > + pks.s = hdr->sig; > + pks.s_size = siglen; > + ret = verify_signature(key, &pks); > key_put(key); > pr_debug("%s() = %d\n", __func__, ret); > return ret; >
On 07/12/17 18:37, Joseph Salisbury wrote: > From: Tadeusz Struk <tadeusz.struk@intel.com> > > BugLink: http://bugs.launchpad.net/bugs/1735977 > > Convert asymmetric_verify to akcipher api. > > Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> > Acked-by: Herbert Xu <herbert@gondor.apana.org.au> > Signed-off-by: David Howells <dhowells@redhat.com> > (cherry picked from commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> > --- > security/integrity/Kconfig | 1 + > security/integrity/digsig_asymmetric.c | 10 +++------- > 2 files changed, 4 insertions(+), 7 deletions(-) > > diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig > index 73c457b..f0b2463 100644 > --- a/security/integrity/Kconfig > +++ b/security/integrity/Kconfig > @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS > select ASYMMETRIC_KEY_TYPE > select ASYMMETRIC_PUBLIC_KEY_SUBTYPE > select PUBLIC_KEY_ALGO_RSA > + select CRYPTO_RSA > select X509_CERTIFICATE_PARSER > help > This option enables digital signature verification using > diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c > index 5ade2a7..2fa3bc6 100644 > --- a/security/integrity/digsig_asymmetric.c > +++ b/security/integrity/digsig_asymmetric.c > @@ -106,13 +106,9 @@ int asymmetric_verify(struct key *keyring, const char *sig, > pks.pkey_hash_algo = hdr->hash_algo; > pks.digest = (u8 *)data; > pks.digest_size = datalen; > - pks.nr_mpi = 1; > - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); > - > - if (pks.rsa.s) > - ret = verify_signature(key, &pks); > - > - mpi_free(pks.rsa.s); > + pks.s = hdr->sig; > + pks.s_size = siglen; > + ret = verify_signature(key, &pks); > key_put(key); > pr_debug("%s() = %d\n", __func__, ret); > return ret; > Clean cherry pick. Positive test results. Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 73c457b..f0b2463 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA + select CRYPTO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index 5ade2a7..2fa3bc6 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -106,13 +106,9 @@ int asymmetric_verify(struct key *keyring, const char *sig, pks.pkey_hash_algo = hdr->hash_algo; pks.digest = (u8 *)data; pks.digest_size = datalen; - pks.nr_mpi = 1; - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); - - if (pks.rsa.s) - ret = verify_signature(key, &pks); - - mpi_free(pks.rsa.s); + pks.s = hdr->sig; + pks.s_size = siglen; + ret = verify_signature(key, &pks); key_put(key); pr_debug("%s() = %d\n", __func__, ret); return ret;