tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'v6.9-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
"This fixes a regression that broke iwd as well as a divide by zero in
iaa"

* tag 'v6.9-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: iaa - Fix nr_cpus < nr_iaa case
Revert "crypto: pkcs7 - remove sha1 support"

Linus Torvalds 174fdc93 4cece764

+114 -5
+3
crypto/asymmetric_keys/mscode_parser.c
··· 75 75 76 76 oid = look_up_OID(value, vlen); 77 77 switch (oid) { 78 + case OID_sha1: 79 + ctx->digest_algo = "sha1"; 80 + break; 78 81 case OID_sha256: 79 82 ctx->digest_algo = "sha256"; 80 83 break;
+4
crypto/asymmetric_keys/pkcs7_parser.c
··· 227 227 struct pkcs7_parse_context *ctx = context; 228 228 229 229 switch (ctx->last_oid) { 230 + case OID_sha1: 231 + ctx->sinfo->sig->hash_algo = "sha1"; 232 + break; 230 233 case OID_sha256: 231 234 ctx->sinfo->sig->hash_algo = "sha256"; 232 235 break; ··· 281 278 ctx->sinfo->sig->pkey_algo = "rsa"; 282 279 ctx->sinfo->sig->encoding = "pkcs1"; 283 280 break; 281 + case OID_id_ecdsa_with_sha1: 284 282 case OID_id_ecdsa_with_sha224: 285 283 case OID_id_ecdsa_with_sha256: 286 284 case OID_id_ecdsa_with_sha384:
+2 -1
crypto/asymmetric_keys/public_key.c
··· 115 115 */ 116 116 if (!hash_algo) 117 117 return -EINVAL; 118 - if (strcmp(hash_algo, "sha224") != 0 && 118 + if (strcmp(hash_algo, "sha1") != 0 && 119 + strcmp(hash_algo, "sha224") != 0 && 119 120 strcmp(hash_algo, "sha256") != 0 && 120 121 strcmp(hash_algo, "sha384") != 0 && 121 122 strcmp(hash_algo, "sha512") != 0 &&
+1 -1
crypto/asymmetric_keys/signature.c
··· 115 115 * Sign the specified data blob using the private key specified by params->key. 116 116 * The signature is wrapped in an encoding if params->encoding is specified 117 117 * (eg. "pkcs1"). If the encoding needs to know the digest type, this can be 118 - * passed through params->hash_algo (eg. "sha512"). 118 + * passed through params->hash_algo (eg. "sha1"). 119 119 * 120 120 * Returns the length of the data placed in the signature buffer or an error. 121 121 */
+8
crypto/asymmetric_keys/x509_cert_parser.c
··· 198 198 default: 199 199 return -ENOPKG; /* Unsupported combination */ 200 200 201 + case OID_sha1WithRSAEncryption: 202 + ctx->cert->sig->hash_algo = "sha1"; 203 + goto rsa_pkcs1; 204 + 201 205 case OID_sha256WithRSAEncryption: 202 206 ctx->cert->sig->hash_algo = "sha256"; 203 207 goto rsa_pkcs1; ··· 217 213 case OID_sha224WithRSAEncryption: 218 214 ctx->cert->sig->hash_algo = "sha224"; 219 215 goto rsa_pkcs1; 216 + 217 + case OID_id_ecdsa_with_sha1: 218 + ctx->cert->sig->hash_algo = "sha1"; 219 + goto ecdsa; 220 220 221 221 case OID_id_rsassa_pkcs1_v1_5_with_sha3_256: 222 222 ctx->cert->sig->hash_algo = "sha3-256";
+80
crypto/testmgr.h
··· 653 653 static const struct akcipher_testvec ecdsa_nist_p192_tv_template[] = { 654 654 { 655 655 .key = 656 + "\x04\xf7\x46\xf8\x2f\x15\xf6\x22\x8e\xd7\x57\x4f\xcc\xe7\xbb\xc1" 657 + "\xd4\x09\x73\xcf\xea\xd0\x15\x07\x3d\xa5\x8a\x8a\x95\x43\xe4\x68" 658 + "\xea\xc6\x25\xc1\xc1\x01\x25\x4c\x7e\xc3\x3c\xa6\x04\x0a\xe7\x08" 659 + "\x98", 660 + .key_len = 49, 661 + .params = 662 + "\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48" 663 + "\xce\x3d\x03\x01\x01", 664 + .param_len = 21, 665 + .m = 666 + "\xcd\xb9\xd2\x1c\xb7\x6f\xcd\x44\xb3\xfd\x63\xea\xa3\x66\x7f\xae" 667 + "\x63\x85\xe7\x82", 668 + .m_size = 20, 669 + .algo = OID_id_ecdsa_with_sha1, 670 + .c = 671 + "\x30\x35\x02\x19\x00\xba\xe5\x93\x83\x6e\xb6\x3b\x63\xa0\x27\x91" 672 + "\xc6\xf6\x7f\xc3\x09\xad\x59\xad\x88\x27\xd6\x92\x6b\x02\x18\x10" 673 + "\x68\x01\x9d\xba\xce\x83\x08\xef\x95\x52\x7b\xa0\x0f\xe4\x18\x86" 674 + "\x80\x6f\xa5\x79\x77\xda\xd0", 675 + .c_size = 55, 676 + .public_key_vec = true, 677 + .siggen_sigver_test = true, 678 + }, { 679 + .key = 656 680 "\x04\xb6\x4b\xb1\xd1\xac\xba\x24\x8f\x65\xb2\x60\x00\x90\xbf\xbd" 657 681 "\x78\x05\x73\xe9\x79\x1d\x6f\x7c\x0b\xd2\xc3\x93\xa7\x28\xe1\x75" 658 682 "\xf7\xd5\x95\x1d\x28\x10\xc0\x75\x50\x5c\x1a\x4f\x3f\x8f\xa5\xee" ··· 779 755 780 756 static const struct akcipher_testvec ecdsa_nist_p256_tv_template[] = { 781 757 { 758 + .key = 759 + "\x04\xb9\x7b\xbb\xd7\x17\x64\xd2\x7e\xfc\x81\x5d\x87\x06\x83\x41" 760 + "\x22\xd6\x9a\xaa\x87\x17\xec\x4f\x63\x55\x2f\x94\xba\xdd\x83\xe9" 761 + "\x34\x4b\xf3\xe9\x91\x13\x50\xb6\xcb\xca\x62\x08\xe7\x3b\x09\xdc" 762 + "\xc3\x63\x4b\x2d\xb9\x73\x53\xe4\x45\xe6\x7c\xad\xe7\x6b\xb0\xe8" 763 + "\xaf", 764 + .key_len = 65, 765 + .params = 766 + "\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48" 767 + "\xce\x3d\x03\x01\x07", 768 + .param_len = 21, 769 + .m = 770 + "\xc2\x2b\x5f\x91\x78\x34\x26\x09\x42\x8d\x6f\x51\xb2\xc5\xaf\x4c" 771 + "\x0b\xde\x6a\x42", 772 + .m_size = 20, 773 + .algo = OID_id_ecdsa_with_sha1, 774 + .c = 775 + "\x30\x46\x02\x21\x00\xf9\x25\xce\x9f\x3a\xa6\x35\x81\xcf\xd4\xe7" 776 + "\xb7\xf0\x82\x56\x41\xf7\xd4\xad\x8d\x94\x5a\x69\x89\xee\xca\x6a" 777 + "\x52\x0e\x48\x4d\xcc\x02\x21\x00\xd7\xe4\xef\x52\x66\xd3\x5b\x9d" 778 + "\x8a\xfa\x54\x93\x29\xa7\x70\x86\xf1\x03\x03\xf3\x3b\xe2\x73\xf7" 779 + "\xfb\x9d\x8b\xde\xd4\x8d\x6f\xad", 780 + .c_size = 72, 781 + .public_key_vec = true, 782 + .siggen_sigver_test = true, 783 + }, { 782 784 .key = 783 785 "\x04\x8b\x6d\xc0\x33\x8e\x2d\x8b\x67\xf5\xeb\xc4\x7f\xa0\xf5\xd9" 784 786 "\x7b\x03\xa5\x78\x9a\xb5\xea\x14\xe4\x23\xd0\xaf\xd7\x0e\x2e\xa0" ··· 916 866 917 867 static const struct akcipher_testvec ecdsa_nist_p384_tv_template[] = { 918 868 { 869 + .key = /* secp384r1(sha1) */ 870 + "\x04\x89\x25\xf3\x97\x88\xcb\xb0\x78\xc5\x72\x9a\x14\x6e\x7a\xb1" 871 + "\x5a\xa5\x24\xf1\x95\x06\x9e\x28\xfb\xc4\xb9\xbe\x5a\x0d\xd9\x9f" 872 + "\xf3\xd1\x4d\x2d\x07\x99\xbd\xda\xa7\x66\xec\xbb\xea\xba\x79\x42" 873 + "\xc9\x34\x89\x6a\xe7\x0b\xc3\xf2\xfe\x32\x30\xbe\xba\xf9\xdf\x7e" 874 + "\x4b\x6a\x07\x8e\x26\x66\x3f\x1d\xec\xa2\x57\x91\x51\xdd\x17\x0e" 875 + "\x0b\x25\xd6\x80\x5c\x3b\xe6\x1a\x98\x48\x91\x45\x7a\x73\xb0\xc3" 876 + "\xf1", 877 + .key_len = 97, 878 + .params = 879 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 880 + "\x00\x22", 881 + .param_len = 18, 882 + .m = 883 + "\x12\x55\x28\xf0\x77\xd5\xb6\x21\x71\x32\x48\xcd\x28\xa8\x25\x22" 884 + "\x3a\x69\xc1\x93", 885 + .m_size = 20, 886 + .algo = OID_id_ecdsa_with_sha1, 887 + .c = 888 + "\x30\x66\x02\x31\x00\xf5\x0f\x24\x4c\x07\x93\x6f\x21\x57\x55\x07" 889 + "\x20\x43\x30\xde\xa0\x8d\x26\x8e\xae\x63\x3f\xbc\x20\x3a\xc6\xf1" 890 + "\x32\x3c\xce\x70\x2b\x78\xf1\x4c\x26\xe6\x5b\x86\xcf\xec\x7c\x7e" 891 + "\xd0\x87\xd7\xd7\x6e\x02\x31\x00\xcd\xbb\x7e\x81\x5d\x8f\x63\xc0" 892 + "\x5f\x63\xb1\xbe\x5e\x4c\x0e\xa1\xdf\x28\x8c\x1b\xfa\xf9\x95\x88" 893 + "\x74\xa0\x0f\xbf\xaf\xc3\x36\x76\x4a\xa1\x59\xf1\x1c\xa4\x58\x26" 894 + "\x79\x12\x2a\xb7\xc5\x15\x92\xc5", 895 + .c_size = 104, 896 + .public_key_vec = true, 897 + .siggen_sigver_test = true, 898 + }, { 919 899 .key = /* secp384r1(sha224) */ 920 900 "\x04\x69\x6c\xcf\x62\xee\xd0\x0d\xe5\xb5\x2f\x70\x54\xcf\x26\xa0" 921 901 "\xd9\x98\x8d\x92\x2a\xab\x9b\x11\xcb\x48\x18\xa1\xa9\x0d\xd5\x18"
+7 -3
drivers/crypto/intel/iaa/iaa_crypto_main.c
··· 806 806 return -EINVAL; 807 807 808 808 cpus_per_iaa = (nr_nodes * nr_cpus_per_node) / nr_iaa; 809 + if (!cpus_per_iaa) 810 + cpus_per_iaa = 1; 809 811 out: 810 812 return 0; 811 813 } ··· 823 821 } 824 822 } 825 823 826 - if (nr_iaa) 824 + if (nr_iaa) { 827 825 cpus_per_iaa = (nr_nodes * nr_cpus_per_node) / nr_iaa; 828 - else 829 - cpus_per_iaa = 0; 826 + if (!cpus_per_iaa) 827 + cpus_per_iaa = 1; 828 + } else 829 + cpus_per_iaa = 1; 830 830 } 831 831 832 832 static int wq_table_add_wqs(int iaa, int cpu)
+4
include/linux/oid_registry.h
··· 17 17 * build_OID_registry.pl to generate the data for look_up_OID(). 18 18 */ 19 19 enum OID { 20 + OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */ 20 21 OID_id_dsa, /* 1.2.840.10040.4.1 */ 21 22 OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */ 22 23 OID_id_prime192v1, /* 1.2.840.10045.3.1.1 */ 23 24 OID_id_prime256v1, /* 1.2.840.10045.3.1.7 */ 25 + OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */ 24 26 OID_id_ecdsa_with_sha224, /* 1.2.840.10045.4.3.1 */ 25 27 OID_id_ecdsa_with_sha256, /* 1.2.840.10045.4.3.2 */ 26 28 OID_id_ecdsa_with_sha384, /* 1.2.840.10045.4.3.3 */ ··· 30 28 31 29 /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */ 32 30 OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */ 31 + OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */ 33 32 OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */ 34 33 OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */ 35 34 OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */ ··· 67 64 OID_PKU2U, /* 1.3.5.1.5.2.7 */ 68 65 OID_Scram, /* 1.3.6.1.5.5.14 */ 69 66 OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */ 67 + OID_sha1, /* 1.3.14.3.2.26 */ 70 68 OID_id_ansip384r1, /* 1.3.132.0.34 */ 71 69 OID_sha256, /* 2.16.840.1.101.3.4.2.1 */ 72 70 OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
+5
kernel/module/Kconfig
··· 236 236 possible to load a signed module containing the algorithm to check 237 237 the signature on that module. 238 238 239 + config MODULE_SIG_SHA1 240 + bool "Sign modules with SHA-1" 241 + select CRYPTO_SHA1 242 + 239 243 config MODULE_SIG_SHA256 240 244 bool "Sign modules with SHA-256" 241 245 select CRYPTO_SHA256 ··· 269 265 config MODULE_SIG_HASH 270 266 string 271 267 depends on MODULE_SIG || IMA_APPRAISE_MODSIG 268 + default "sha1" if MODULE_SIG_SHA1 272 269 default "sha256" if MODULE_SIG_SHA256 273 270 default "sha384" if MODULE_SIG_SHA384 274 271 default "sha512" if MODULE_SIG_SHA512