1. 27 Oct, 2017 1 commit
  2. 31 May, 2016 2 commits
    • Nicolai Stange's avatar
      lib/digsig: digsig_verify_rsa(): return -EINVAL if modulo length is zero · c5ce7c69
      Nicolai Stange authored
      Currently, if digsig_verify_rsa() detects that the modulo's length is zero,
      i.e. mlen == 0, it returns -ENOMEM which doesn't really fit here.
      Make digsig_verify_rsa() return -EINVAL upon mlen == 0.
      Signed-off-by: default avatarNicolai Stange <nicstange@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    • Nicolai Stange's avatar
      lib/mpi: mpi_read_from_buffer(): return error code · 03cdfaad
      Nicolai Stange authored
      mpi_read_from_buffer() reads a MPI from a buffer into a newly allocated
      MPI instance. It expects the buffer's leading two bytes to contain the
      number of bits, followed by the actual payload.
      On failure, it returns NULL and updates the in/out argument ret_nread
      somewhat inconsistently:
      - If the given buffer is too short to contain the leading two bytes
        encoding the number of bits or their value is unsupported, then
        ret_nread will be cleared.
      - If the allocation of the resulting MPI instance fails, ret_nread is left
        as is.
      The only user of mpi_read_from_buffer(), digsig_verify_rsa(), simply checks
      for a return value of NULL and returns -ENOMEM if that happens.
      While this is all of cosmetic nature only, there is another error condition
      which currently isn't detectable by the caller of mpi_read_from_buffer():
      if the given buffer is too small to hold the number of bits as encoded in
      its first two bytes, the return value will be non-NULL and *ret_nread > 0.
      In preparation of communicating this condition to the caller, let
      mpi_read_from_buffer() return error values by means of the ERR_PTR()
      Make the sole caller of mpi_read_from_buffer(), digsig_verify_rsa(),
      check the return value for IS_ERR() rather than == NULL. If IS_ERR() is
      true, return the associated error value rather than the fixed -ENOMEM.
      Signed-off-by: default avatarNicolai Stange <nicstange@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
  3. 21 Oct, 2015 1 commit
    • David Howells's avatar
      KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells authored
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
  4. 04 Jun, 2014 1 commit
  5. 13 Nov, 2013 1 commit
  6. 01 Feb, 2013 2 commits
  7. 13 Sep, 2012 1 commit
  8. 01 Feb, 2012 3 commits
  9. 09 Nov, 2011 1 commit
    • Dmitry Kasatkin's avatar
      crypto: digital signature verification support · 051dbb91
      Dmitry Kasatkin authored
      This patch implements RSA digital signature verification using GnuPG library.
      The format of the signature and the public key is defined by their respective
      headers. The signature header contains version information, algorithm,
      and keyid, which was used to generate the signature.
      The key header contains version and algorythim type.
      The payload of the signature and the key are multi-precision integers.
      The signing and key management utilities evm-utils provide functionality
      to generate signatures and load keys into the kernel keyring.
      When the key is added to the kernel keyring, the keyid defines the name
      of the key.
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Acked-by: default avatarMimi Zohar <zohar@us.ibm.com>