user/sven/linux.git/lib/digsig.c, branch v3.10.67Linux Kernel
https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.10.672013-02-21T16:18:12ZMerge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security2013-02-21T16:18:12ZLinus Torvaldstorvalds@linux-foundation.org2013-02-21T16:18:12Zurn:sha1:33673dcb372b5d8179c22127ca71deb5f3dc7016
Pull security subsystem updates from James Morris:
"This is basically a maintenance update for the TPM driver and EVM/IMA"
Fix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)
tpm/ibmvtpm: build only when IBM pseries is configured
ima: digital signature verification using asymmetric keys
ima: rename hash calculation functions
ima: use new crypto_shash API instead of old crypto_hash
ima: add policy support for file system uuid
evm: add file system uuid to EVM hmac
tpm_tis: check pnp_acpi_device return code
char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value
char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe
char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute
char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignment
tpm_i2c_stm_st33: removed unused variables/code
TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup
tpm: Fix cancellation of TPM commands (interrupt mode)
tpm: Fix cancellation of TPM commands (polling mode)
tpm: Store TPM vendor ID
TPM: Work around buggy TPMs that block during continue self test
tpm_i2c_stm_st33: fix oops when i2c client is unavailable
char/tpm: Use struct dev_pm_ops for power management
TPM: STMicroelectronics ST33 I2C BUILD STUFF
...
digsig: remove unnecessary memory allocation and copying2013-02-01T05:28:24ZDmitry Kasatkindmitry.kasatkin@intel.com2013-01-30T09:30:05Zurn:sha1:26d438457ed1b99b6cb26d8f694e8d3de336f9d8
In existing use case, copying of the decoded data is unnecessary in
pkcs_1_v1_5_decode_emsa. It is just enough to get pointer to the message.
Removing copying and extra buffer allocation.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
digsig: Fix memory leakage in digsig_verify_rsa()2013-02-01T04:59:33ZYOSHIFUJI Hideakiyoshfuji@linux-ipv6.org2013-01-25T14:54:20Zurn:sha1:7810cc1e7721220f1ed2a23ca95113d6434f6dcd
digsig_verify_rsa() does not free kmalloc'ed buffer returned by
mpi_get_buffer().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
digsig: add hash size comparision on signature verification2012-09-13T01:13:02ZDmitry Kasatkindmitry.kasatkin@intel.com2012-09-12T10:26:55Zurn:sha1:bc01637a80f5b670bd70a0279d3f93fa8de1c96d
When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error. This is a bug and this patch fixes it.
The bug was introduced in v3.3 by commit b35e286a640f ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/digsig: checks for NULL return value2012-02-01T13:24:04ZDmitry Kasatkindmitry.kasatkin@intel.com2012-01-26T17:13:24Zurn:sha1:86f8bedc9e1a8ddb4f1d9ff1f0c1229cc0797d6d
mpi_read_from_buffer() return value must not be NULL.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
lib/digsig: pkcs_1_v1_5_decode_emsa cleanup2012-02-01T13:23:39ZDmitry Kasatkindmitry.kasatkin@intel.com2012-01-26T17:13:26Zurn:sha1:b35e286a640f31d619a637332972498b51f3fd90
Removed useless 'is_valid' variable in pkcs_1_v1_5_decode_emsa(),
which was inhereted from original code. Client now uses return value
to check for an error.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
lib/digsig: additional sanity checks against badly formated key payload2012-02-01T13:23:38ZDmitry Kasatkindmitry.kasatkin@intel.com2012-01-26T17:13:25Zurn:sha1:f58a08152ce4198a2a1da162b97ecf8264c24866
Added sanity checks for possible wrongly formatted key payload data:
- minimum key payload size
- zero modulus length
- corrected upper key payload boundary.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
crypto: digital signature verification support2011-11-09T10:10:37ZDmitry Kasatkindmitry.kasatkin@intel.com2011-10-14T12:25:16Zurn:sha1:051dbb918c7fb7da8e64a2cd0d804ba73399709f
This patch implements RSA digital signature verification using GnuPG library.
The format of the signature and the public key is defined by their respective
headers. The signature header contains version information, algorithm,
and keyid, which was used to generate the signature.
The key header contains version and algorythim type.
The payload of the signature and the key are multi-precision integers.
The signing and key management utilities evm-utils provide functionality
to generate signatures and load keys into the kernel keyring.
When the key is added to the kernel keyring, the keyid defines the name
of the key.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>