diff options
author | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-02-03 15:32:45 -0200 |
---|---|---|
committer | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-02-03 15:32:45 -0200 |
commit | 46932cc3784fab58cedfed099127f243e7af9102 (patch) | |
tree | 3a6fe72386b4567b1b6aa156613db607ee737263 /crypto/asymmetric_keys | |
parent | 2d913b33066b19294e6ea3e5caed196751ecf17e (diff) | |
parent | f6490f52c919d9a90918fd2f944e94e4c980b472 (diff) | |
download | linux-crypto-46932cc3784fab58cedfed099127f243e7af9102.tar.gz linux-crypto-46932cc3784fab58cedfed099127f243e7af9102.zip |
Merge tag 'v3.14-rc1' into patchwork
Linus 3.14-rc1
* tag 'v3.14-rc1': (11781 commits)
Linus 3.14-rc1
hpfs: optimize quad buffer loading
hpfs: remember free space
parisc: add flexible mmap memory layout support
parisc: Make EWOULDBLOCK be equal to EAGAIN on parisc
parisc: convert uapi/asm/stat.h to use native types only
parisc: wire up sched_setattr and sched_getattr
parisc: fix cache-flushing
parisc/sti_console: prefer Linux fonts over built-in ROM fonts
hwmon: Fix SENSORS_TMP102 dependencies to eliminate build errors
hwmon: Fix SENSORS_LM75 dependencies to eliminate build errors
tools/power turbostat: introduce -s to dump counters
tools/power turbostat: remove unused command line option
afs: proc cells and rootcell are writeable
tile: remove compat_sys_lookup_dcookie declaration to fix compile error
Revert "PCI: Remove from bus_list and release resources in pci_release_dev()"
ARM: multi_v7_defconfig: remove redundant entries and re-enable TI_EDMA
ARM: multi_v7_defconfig: add mvebu drivers
clocksource: kona: Add basic use of external clock
drivers: bus: fix CCI driver kcalloc call parameters swap
...
Diffstat (limited to '')
-rw-r--r-- | crypto/asymmetric_keys/rsa.c | 5 | ||||
-rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 81 |
2 files changed, 4 insertions, 82 deletions
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c index 90a17f59..459cf97a 100644 --- a/crypto/asymmetric_keys/rsa.c +++ b/crypto/asymmetric_keys/rsa.c @@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/kernel.h> #include <linux/slab.h> +#include <crypto/algapi.h> #include "public_key.h" MODULE_LICENSE("GPL"); @@ -189,12 +190,12 @@ static int RSA_verify(const u8 *H, const u8 *EM, size_t k, size_t hash_size, } } - if (memcmp(asn1_template, EM + T_offset, asn1_size) != 0) { + if (crypto_memneq(asn1_template, EM + T_offset, asn1_size) != 0) { kleave(" = -EBADMSG [EM[T] ASN.1 mismatch]"); return -EBADMSG; } - if (memcmp(H, EM + T_offset + asn1_size, hash_size) != 0) { + if (crypto_memneq(H, EM + T_offset + asn1_size, hash_size) != 0) { kleave(" = -EKEYREJECTED [EM[T] hash mismatch]"); return -EKEYREJECTED; } diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index f83300b6..382ef0d2 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -18,60 +18,12 @@ #include <linux/asn1_decoder.h> #include <keys/asymmetric-subtype.h> #include <keys/asymmetric-parser.h> -#include <keys/system_keyring.h> #include <crypto/hash.h> #include "asymmetric_keys.h" #include "public_key.h" #include "x509_parser.h" /* - * Find a key in the given keyring by issuer and authority. - */ -static struct key *x509_request_asymmetric_key( - struct key *keyring, - const char *signer, size_t signer_len, - const char *authority, size_t auth_len) -{ - key_ref_t key; - char *id; - - /* Construct an identifier. */ - id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL); - if (!id) - return ERR_PTR(-ENOMEM); - - memcpy(id, signer, signer_len); - id[signer_len + 0] = ':'; - id[signer_len + 1] = ' '; - memcpy(id + signer_len + 2, authority, auth_len); - id[signer_len + 2 + auth_len] = 0; - - pr_debug("Look up: \"%s\"\n", id); - - key = keyring_search(make_key_ref(keyring, 1), - &key_type_asymmetric, id); - if (IS_ERR(key)) - pr_debug("Request for module key '%s' err %ld\n", - id, PTR_ERR(key)); - kfree(id); - - if (IS_ERR(key)) { - switch (PTR_ERR(key)) { - /* Hide some search errors */ - case -EACCES: - case -ENOTDIR: - case -EAGAIN: - return ERR_PTR(-ENOKEY); - default: - return ERR_CAST(key); - } - } - - pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key))); - return key_ref_to_ptr(key); -} - -/* * Set up the signature parameters in an X.509 certificate. This involves * digesting the signed data and extracting the signature. */ @@ -151,33 +103,6 @@ int x509_check_signature(const struct public_key *pub, EXPORT_SYMBOL_GPL(x509_check_signature); /* - * Check the new certificate against the ones in the trust keyring. If one of - * those is the signing key and validates the new certificate, then mark the - * new certificate as being trusted. - * - * Return 0 if the new certificate was successfully validated, 1 if we couldn't - * find a matching parent certificate in the trusted list and an error if there - * is a matching certificate but the signature check fails. - */ -static int x509_validate_trust(struct x509_certificate *cert, - struct key *trust_keyring) -{ - const struct public_key *pk; - struct key *key; - int ret = 1; - - key = x509_request_asymmetric_key(trust_keyring, - cert->issuer, strlen(cert->issuer), - cert->authority, - strlen(cert->authority)); - if (!IS_ERR(key)) { - pk = key->payload.data; - ret = x509_check_signature(pk, cert); - } - return ret; -} - -/* * Attempt to parse a data blob for a key as an X509 certificate. */ static int x509_key_preparse(struct key_preparsed_payload *prep) @@ -230,13 +155,9 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) /* Check the signature on the key if it appears to be self-signed */ if (!cert->authority || strcmp(cert->fingerprint, cert->authority) == 0) { - ret = x509_check_signature(cert->pub, cert); /* self-signed */ + ret = x509_check_signature(cert->pub, cert); if (ret < 0) goto error_free_cert; - } else { - ret = x509_validate_trust(cert, system_trusted_keyring); - if (!ret) - prep->trusted = 1; } /* Propose a description */ |