Skip to content

Commit 191cac3

Browse files
Eric Biggersmimizohar
Eric Biggers
authored and
mimizohar
committed
lib/digsig: Use SHA-1 library instead of crypto_shash
Now that a SHA-1 library API is available, use it instead of crypto_shash. This is simpler and faster. Signed-off-by: Eric Biggers <[email protected]> Reviewed-by: Paul Menzel <[email protected]> Signed-off-by: Mimi Zohar <[email protected]>
1 parent 1376956 commit 191cac3

File tree

2 files changed

+7
-42
lines changed

2 files changed

+7
-42
lines changed

lib/Kconfig

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -477,8 +477,7 @@ config MPILIB
477477
config SIGNATURE
478478
tristate
479479
depends on KEYS
480-
select CRYPTO
481-
select CRYPTO_SHA1
480+
select CRYPTO_LIB_SHA1
482481
select MPILIB
483482
help
484483
Digital signature verification. Currently only RSA is supported.

lib/digsig.c

Lines changed: 6 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -18,15 +18,11 @@
1818
#include <linux/module.h>
1919
#include <linux/slab.h>
2020
#include <linux/key.h>
21-
#include <linux/crypto.h>
22-
#include <crypto/hash.h>
2321
#include <crypto/sha1.h>
2422
#include <keys/user-type.h>
2523
#include <linux/mpi.h>
2624
#include <linux/digsig.h>
2725

28-
static struct crypto_shash *shash;
29-
3026
static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
3127
unsigned long msglen,
3228
unsigned long modulus_bitlen,
@@ -199,12 +195,12 @@ static int digsig_verify_rsa(struct key *key,
199195
int digsig_verify(struct key *keyring, const char *sig, int siglen,
200196
const char *data, int datalen)
201197
{
202-
int err = -ENOMEM;
203198
struct signature_hdr *sh = (struct signature_hdr *)sig;
204-
struct shash_desc *desc = NULL;
199+
struct sha1_ctx ctx;
205200
unsigned char hash[SHA1_DIGEST_SIZE];
206201
struct key *key;
207202
char name[20];
203+
int err;
208204

209205
if (siglen < sizeof(*sh) + 2)
210206
return -EINVAL;
@@ -231,49 +227,19 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen,
231227
return PTR_ERR(key);
232228
}
233229

234-
desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
235-
GFP_KERNEL);
236-
if (!desc)
237-
goto err;
238-
239-
desc->tfm = shash;
240-
241-
crypto_shash_init(desc);
242-
crypto_shash_update(desc, data, datalen);
243-
crypto_shash_update(desc, sig, sizeof(*sh));
244-
crypto_shash_final(desc, hash);
245-
246-
kfree(desc);
230+
sha1_init(&ctx);
231+
sha1_update(&ctx, data, datalen);
232+
sha1_update(&ctx, sig, sizeof(*sh));
233+
sha1_final(&ctx, hash);
247234

248235
/* pass signature mpis address */
249236
err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
250237
hash, sizeof(hash));
251238

252-
err:
253239
key_put(key);
254240

255241
return err ? -EINVAL : 0;
256242
}
257243
EXPORT_SYMBOL_GPL(digsig_verify);
258244

259-
static int __init digsig_init(void)
260-
{
261-
shash = crypto_alloc_shash("sha1", 0, 0);
262-
if (IS_ERR(shash)) {
263-
pr_err("shash allocation failed\n");
264-
return PTR_ERR(shash);
265-
}
266-
267-
return 0;
268-
269-
}
270-
271-
static void __exit digsig_cleanup(void)
272-
{
273-
crypto_free_shash(shash);
274-
}
275-
276-
module_init(digsig_init);
277-
module_exit(digsig_cleanup);
278-
279245
MODULE_LICENSE("GPL");

0 commit comments

Comments
 (0)