aboutsummaryrefslogtreecommitdiffstats
path: root/lib/digsig.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-02-21 11:18:12 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-02-21 11:18:12 -0500
commit33673dcb372b5d8179c22127ca71deb5f3dc7016 (patch)
treed182e9dc6aa127375a92b5eb619d6cd2ddc23ce7 /lib/digsig.c
parentfe9453a1dcb5fb146f9653267e78f4a558066f6f (diff)
parent5b2660326039a32b28766cb4c1a8b1bdcfadc375 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "This is basically a maintenance update for the TPM driver and EVM/IMA" Fix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits) tpm/ibmvtpm: build only when IBM pseries is configured ima: digital signature verification using asymmetric keys ima: rename hash calculation functions ima: use new crypto_shash API instead of old crypto_hash ima: add policy support for file system uuid evm: add file system uuid to EVM hmac tpm_tis: check pnp_acpi_device return code char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignment tpm_i2c_stm_st33: removed unused variables/code TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup tpm: Fix cancellation of TPM commands (interrupt mode) tpm: Fix cancellation of TPM commands (polling mode) tpm: Store TPM vendor ID TPM: Work around buggy TPMs that block during continue self test tpm_i2c_stm_st33: fix oops when i2c client is unavailable char/tpm: Use struct dev_pm_ops for power management TPM: STMicroelectronics ST33 I2C BUILD STUFF ...
Diffstat (limited to 'lib/digsig.c')
-rw-r--r--lib/digsig.c41
1 files changed, 14 insertions, 27 deletions
diff --git a/lib/digsig.c b/lib/digsig.c
index dc2be7ed1765..2f31e6a45f0a 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -30,11 +30,10 @@
30 30
31static struct crypto_shash *shash; 31static struct crypto_shash *shash;
32 32
33static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, 33static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
34 unsigned long msglen, 34 unsigned long msglen,
35 unsigned long modulus_bitlen, 35 unsigned long modulus_bitlen,
36 unsigned char *out, 36 unsigned long *outlen)
37 unsigned long *outlen)
38{ 37{
39 unsigned long modulus_len, ps_len, i; 38 unsigned long modulus_len, ps_len, i;
40 39
@@ -42,11 +41,11 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
42 41
43 /* test message size */ 42 /* test message size */
44 if ((msglen > modulus_len) || (modulus_len < 11)) 43 if ((msglen > modulus_len) || (modulus_len < 11))
45 return -EINVAL; 44 return NULL;
46 45
47 /* separate encoded message */ 46 /* separate encoded message */
48 if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) 47 if (msg[0] != 0x00 || msg[1] != 0x01)
49 return -EINVAL; 48 return NULL;
50 49
51 for (i = 2; i < modulus_len - 1; i++) 50 for (i = 2; i < modulus_len - 1; i++)
52 if (msg[i] != 0xFF) 51 if (msg[i] != 0xFF)
@@ -56,19 +55,13 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
56 if (msg[i] != 0) 55 if (msg[i] != 0)
57 /* There was no octet with hexadecimal value 0x00 56 /* There was no octet with hexadecimal value 0x00
58 to separate ps from m. */ 57 to separate ps from m. */
59 return -EINVAL; 58 return NULL;
60 59
61 ps_len = i - 2; 60 ps_len = i - 2;
62 61
63 if (*outlen < (msglen - (2 + ps_len + 1))) {
64 *outlen = msglen - (2 + ps_len + 1);
65 return -EOVERFLOW;
66 }
67
68 *outlen = (msglen - (2 + ps_len + 1)); 62 *outlen = (msglen - (2 + ps_len + 1));
69 memcpy(out, &msg[2 + ps_len + 1], *outlen);
70 63
71 return 0; 64 return msg + 2 + ps_len + 1;
72} 65}
73 66
74/* 67/*
@@ -83,7 +76,8 @@ static int digsig_verify_rsa(struct key *key,
83 unsigned long mlen, mblen; 76 unsigned long mlen, mblen;
84 unsigned nret, l; 77 unsigned nret, l;
85 int head, i; 78 int head, i;
86 unsigned char *out1 = NULL, *out2 = NULL; 79 unsigned char *out1 = NULL;
80 const char *m;
87 MPI in = NULL, res = NULL, pkey[2]; 81 MPI in = NULL, res = NULL, pkey[2];
88 uint8_t *p, *datap, *endp; 82 uint8_t *p, *datap, *endp;
89 struct user_key_payload *ukp; 83 struct user_key_payload *ukp;
@@ -120,7 +114,7 @@ static int digsig_verify_rsa(struct key *key,
120 } 114 }
121 115
122 mblen = mpi_get_nbits(pkey[0]); 116 mblen = mpi_get_nbits(pkey[0]);
123 mlen = (mblen + 7)/8; 117 mlen = DIV_ROUND_UP(mblen, 8);
124 118
125 if (mlen == 0) 119 if (mlen == 0)
126 goto err; 120 goto err;
@@ -129,10 +123,6 @@ static int digsig_verify_rsa(struct key *key,
129 if (!out1) 123 if (!out1)
130 goto err; 124 goto err;
131 125
132 out2 = kzalloc(mlen, GFP_KERNEL);
133 if (!out2)
134 goto err;
135
136 nret = siglen; 126 nret = siglen;
137 in = mpi_read_from_buffer(sig, &nret); 127 in = mpi_read_from_buffer(sig, &nret);
138 if (!in) 128 if (!in)
@@ -164,18 +154,15 @@ static int digsig_verify_rsa(struct key *key,
164 154
165 kfree(p); 155 kfree(p);
166 156
167 err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); 157 m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
168 if (err)
169 goto err;
170 158
171 if (len != hlen || memcmp(out2, h, hlen)) 159 if (!m || len != hlen || memcmp(m, h, hlen))
172 err = -EINVAL; 160 err = -EINVAL;
173 161
174err: 162err:
175 mpi_free(in); 163 mpi_free(in);
176 mpi_free(res); 164 mpi_free(res);
177 kfree(out1); 165 kfree(out1);
178 kfree(out2);
179 while (--i >= 0) 166 while (--i >= 0)
180 mpi_free(pkey[i]); 167 mpi_free(pkey[i]);
181err1: 168err1:
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-12 13:08:27 -0500