linux-2.6

dect

Archived

Author	SHA1	Message	Date
YOSHIFUJI Hideaki	7810cc1e77	digsig: Fix memory leakage in digsig_verify_rsa() digsig_verify_rsa() does not free kmalloc'ed buffer returned by mpi_get_buffer(). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com>	2013-02-01 15:59:33 +11:00
Dmitry Kasatkin	bc01637a80	digsig: add hash size comparision on signature verification When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do not match, hash comparision is not done and digsig_verify_rsa() returns no error. This is a bug and this patch fixes it. The bug was introduced in v3.3 by commit `b35e286a64` ("lib/digsig: pkcs_1_v1_5_decode_emsa cleanup"). Cc: stable@vger.kernel.org Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-09-13 09:13:02 +08:00
Dmitry Kasatkin	86f8bedc9e	lib/digsig: checks for NULL return value mpi_read_from_buffer() return value must not be NULL. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>	2012-02-02 00:24:04 +11:00
Dmitry Kasatkin	b35e286a64	lib/digsig: pkcs_1_v1_5_decode_emsa cleanup Removed useless 'is_valid' variable in pkcs_1_v1_5_decode_emsa(), which was inhereted from original code. Client now uses return value to check for an error. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>	2012-02-02 00:23:39 +11:00
Dmitry Kasatkin	f58a08152c	lib/digsig: additional sanity checks against badly formated key payload Added sanity checks for possible wrongly formatted key payload data: - minimum key payload size - zero modulus length - corrected upper key payload boundary. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>	2012-02-02 00:23:38 +11:00
Dmitry Kasatkin	051dbb918c	crypto: digital signature verification support This patch implements RSA digital signature verification using GnuPG library. The format of the signature and the public key is defined by their respective headers. The signature header contains version information, algorithm, and keyid, which was used to generate the signature. The key header contains version and algorythim type. The payload of the signature and the key are multi-precision integers. The signing and key management utilities evm-utils provide functionality to generate signatures and load keys into the kernel keyring. When the key is added to the kernel keyring, the keyid defines the name of the key. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com>	2011-11-09 12:10:37 +02:00

6 Commits