| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250712232329.818226-21-ebiggers@kernel.org>
Date: Sat, 12 Jul 2025 16:23:11 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: linux-crypto@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
Ard Biesheuvel <ardb@...nel.org>,
"Jason A . Donenfeld" <Jason@...c4.com>,
linux-arm-kernel@...ts.infradead.org,
linux-mips@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org,
linux-s390@...r.kernel.org,
sparclinux@...r.kernel.org,
x86@...nel.org,
Eric Biggers <ebiggers@...nel.org>
Subject: [PATCH 20/26] lib/digsig: Use SHA-1 library instead of crypto_shash
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Signed-off-by: Eric Biggers <ebiggers@...nel.org>
---
lib/Kconfig | 3 +--
lib/digsig.c | 46 ++++++----------------------------------------
2 files changed, 7 insertions(+), 42 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 37db228f70a99..670c19800c26c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -561,12 +561,11 @@ config MPILIB
which is used by IMA/EVM digital signature extension.
config SIGNATURE
tristate
depends on KEYS
- select CRYPTO
- select CRYPTO_SHA1
+ select CRYPTO_LIB_SHA1
select MPILIB
help
Digital signature verification. Currently only RSA is supported.
Implementation is done using GnuPG MPI library
diff --git a/lib/digsig.c b/lib/digsig.c
index 04b5e55ed95f5..5ddcc52f76863 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -16,19 +16,15 @@
#include <linux/err.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/key.h>
-#include <linux/crypto.h>
-#include <crypto/hash.h>
#include <crypto/sha1.h>
#include <keys/user-type.h>
#include <linux/mpi.h>
#include <linux/digsig.h>
-static struct crypto_shash *shash;
-
static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
unsigned long msglen,
unsigned long modulus_bitlen,
unsigned long *outlen)
{
@@ -197,16 +193,16 @@ static int digsig_verify_rsa(struct key *key,
*
*/
int digsig_verify(struct key *keyring, const char *sig, int siglen,
const char *data, int datalen)
{
- int err = -ENOMEM;
struct signature_hdr *sh = (struct signature_hdr *)sig;
- struct shash_desc *desc = NULL;
+ struct sha1_ctx ctx;
unsigned char hash[SHA1_DIGEST_SIZE];
struct key *key;
char name[20];
+ int err;
if (siglen < sizeof(*sh) + 2)
return -EINVAL;
if (sh->algo != PUBKEY_ALGO_RSA)
@@ -229,51 +225,21 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen,
if (IS_ERR(key)) {
pr_err("key not found, id: %s\n", name);
return PTR_ERR(key);
}
- desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
- GFP_KERNEL);
- if (!desc)
- goto err;
-
- desc->tfm = shash;
-
- crypto_shash_init(desc);
- crypto_shash_update(desc, data, datalen);
- crypto_shash_update(desc, sig, sizeof(*sh));
- crypto_shash_final(desc, hash);
-
- kfree(desc);
+ sha1_init(&ctx);
+ sha1_update(&ctx, data, datalen);
+ sha1_update(&ctx, sig, sizeof(*sh));
+ sha1_final(&ctx, hash);
/* pass signature mpis address */
err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
hash, sizeof(hash));
-err:
key_put(key);
return err ? -EINVAL : 0;
}
EXPORT_SYMBOL_GPL(digsig_verify);
-static int __init digsig_init(void)
-{
- shash = crypto_alloc_shash("sha1", 0, 0);
- if (IS_ERR(shash)) {
- pr_err("shash allocation failed\n");
- return PTR_ERR(shash);
- }
-
- return 0;
-
-}
-
-static void __exit digsig_cleanup(void)
-{
- crypto_free_shash(shash);
-}
-
-module_init(digsig_init);
-module_exit(digsig_cleanup);
-
MODULE_LICENSE("GPL");
--
2.50.1
Powered by blists - more mailing lists