[SRU,Xenial,1/1] integrity: convert digsig to akcipher api

Message ID f576845f68f6e3fdc9c593cbe9a83f0b0a866df4.1512667523.git.joseph.salisbury@canonical.com
State New
Headers show
Series
  • [SRU,Xenial,1/1] integrity: convert digsig to akcipher api
Related show

Commit Message

Joseph Salisbury Dec. 7, 2017, 6:37 p.m.
From: Tadeusz Struk <tadeusz.struk@intel.com>

BugLink: http://bugs.launchpad.net/bugs/1735977

Convert asymmetric_verify to akcipher api.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David Howells <dhowells@redhat.com>
(cherry picked from commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de)
Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
---
 security/integrity/Kconfig             |  1 +
 security/integrity/digsig_asymmetric.c | 10 +++-------
 2 files changed, 4 insertions(+), 7 deletions(-)

Comments

Stefan Bader Jan. 23, 2018, 10:09 a.m. | #1
On 07.12.2017 19:37, Joseph Salisbury wrote:
> From: Tadeusz Struk <tadeusz.struk@intel.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1735977
> 
> Convert asymmetric_verify to akcipher api.
> 
> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: David Howells <dhowells@redhat.com>
> (cherry picked from commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de)
> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>

> ---
>  security/integrity/Kconfig             |  1 +
>  security/integrity/digsig_asymmetric.c | 10 +++-------
>  2 files changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index 73c457b..f0b2463 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
>          select ASYMMETRIC_KEY_TYPE
>          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>          select PUBLIC_KEY_ALGO_RSA
> +        select CRYPTO_RSA
>          select X509_CERTIFICATE_PARSER
>  	help
>  	  This option enables digital signature verification using
> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
> index 5ade2a7..2fa3bc6 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -106,13 +106,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
>  	pks.pkey_hash_algo = hdr->hash_algo;
>  	pks.digest = (u8 *)data;
>  	pks.digest_size = datalen;
> -	pks.nr_mpi = 1;
> -	pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
> -
> -	if (pks.rsa.s)
> -		ret = verify_signature(key, &pks);
> -
> -	mpi_free(pks.rsa.s);
> +	pks.s = hdr->sig;
> +	pks.s_size = siglen;
> +	ret = verify_signature(key, &pks);
>  	key_put(key);
>  	pr_debug("%s() = %d\n", __func__, ret);
>  	return ret;
>
Colin Ian King Jan. 23, 2018, 2:30 p.m. | #2
On 07/12/17 18:37, Joseph Salisbury wrote:
> From: Tadeusz Struk <tadeusz.struk@intel.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1735977
> 
> Convert asymmetric_verify to akcipher api.
> 
> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: David Howells <dhowells@redhat.com>
> (cherry picked from commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de)
> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
> ---
>  security/integrity/Kconfig             |  1 +
>  security/integrity/digsig_asymmetric.c | 10 +++-------
>  2 files changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index 73c457b..f0b2463 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
>          select ASYMMETRIC_KEY_TYPE
>          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>          select PUBLIC_KEY_ALGO_RSA
> +        select CRYPTO_RSA
>          select X509_CERTIFICATE_PARSER
>  	help
>  	  This option enables digital signature verification using
> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
> index 5ade2a7..2fa3bc6 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -106,13 +106,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
>  	pks.pkey_hash_algo = hdr->hash_algo;
>  	pks.digest = (u8 *)data;
>  	pks.digest_size = datalen;
> -	pks.nr_mpi = 1;
> -	pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
> -
> -	if (pks.rsa.s)
> -		ret = verify_signature(key, &pks);
> -
> -	mpi_free(pks.rsa.s);
> +	pks.s = hdr->sig;
> +	pks.s_size = siglen;
> +	ret = verify_signature(key, &pks);
>  	key_put(key);
>  	pr_debug("%s() = %d\n", __func__, ret);
>  	return ret;
> 

Clean cherry pick. Positive test results.

Acked-by: Colin Ian King <colin.king@canonical.com>

Patch

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 73c457b..f0b2463 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -36,6 +36,7 @@  config INTEGRITY_ASYMMETRIC_KEYS
         select ASYMMETRIC_KEY_TYPE
         select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
         select PUBLIC_KEY_ALGO_RSA
+        select CRYPTO_RSA
         select X509_CERTIFICATE_PARSER
 	help
 	  This option enables digital signature verification using
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 5ade2a7..2fa3bc6 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -106,13 +106,9 @@  int asymmetric_verify(struct key *keyring, const char *sig,
 	pks.pkey_hash_algo = hdr->hash_algo;
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
-	pks.nr_mpi = 1;
-	pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
-
-	if (pks.rsa.s)
-		ret = verify_signature(key, &pks);
-
-	mpi_free(pks.rsa.s);
+	pks.s = hdr->sig;
+	pks.s_size = siglen;
+	ret = verify_signature(key, &pks);
 	key_put(key);
 	pr_debug("%s() = %d\n", __func__, ret);
 	return ret;