Commit b3a8c8a5 authored by Denis Kenzior's avatar Denis Kenzior Committed by James Morris
Browse files

crypto: rsa-pkcs1pad: Allow hash to be optional [ver #2] 



The original pkcs1pad implementation allowed to pad/unpad raw RSA
output.  However, this has been taken out in commit:
commit c0d20d22 ("crypto: rsa-pkcs1pad - Require hash to be present")

This patch restored this ability as it is needed by the asymmetric key
implementation.

Signed-off-by: default avatarDenis Kenzior <denkenz@gmail.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Tested-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Reviewed-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent 3c58b236

crypto/rsa-pkcs1pad.c

+41 −18
Original line number Diff line number Diff line
@@ -392,6 +392,7 @@ static int pkcs1pad_sign(struct akcipher_request *req) 
	if (!ctx->key_size)

		return -EINVAL;



	if (digest_info)

		digest_size = digest_info->size;



	if (req->src_len + digest_size > ctx->key_size - 11)
@@ -412,6 +413,7 @@ static int pkcs1pad_sign(struct akcipher_request *req) 
	memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);

	req_ctx->in_buf[ps_end] = 0x00;



	if (digest_info)

		memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,

		       digest_info->size);
@@ -475,10 +477,13 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err) 
		goto done;

	pos++;



	if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))

	if (digest_info) {

		if (crypto_memneq(out_buf + pos, digest_info->data,

				  digest_info->size))

			goto done;



		pos += digest_info->size;

	}



	err = 0;
@@ -608,11 +613,14 @@ static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb) 


	hash_name = crypto_attr_alg_name(tb[2]);

	if (IS_ERR(hash_name))

		return PTR_ERR(hash_name);

		hash_name = NULL;



	if (hash_name) {

		digest_info = rsa_lookup_asn1(hash_name);

		if (!digest_info)

			return -EINVAL;

	} else

		digest_info = NULL;



	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);

	if (!inst)
@@ -632,14 +640,29 @@ static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb) 


	err = -ENAMETOOLONG;



	if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,

		     "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=

	    CRYPTO_MAX_ALG_NAME ||

	    snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,

		     "pkcs1pad(%s,%s)",

		     rsa_alg->base.cra_driver_name, hash_name) >=

	if (!hash_name) {

		if (snprintf(inst->alg.base.cra_name,

			     CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",

			     rsa_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)

			goto out_drop_alg;



		if (snprintf(inst->alg.base.cra_driver_name,

			     CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",

			     rsa_alg->base.cra_driver_name) >=

			     CRYPTO_MAX_ALG_NAME)

			goto out_drop_alg;

	} else {

		if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,

			     "pkcs1pad(%s,%s)", rsa_alg->base.cra_name,

			     hash_name) >= CRYPTO_MAX_ALG_NAME)

			goto out_drop_alg;



		if (snprintf(inst->alg.base.cra_driver_name,

			     CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)",

			     rsa_alg->base.cra_driver_name,

			     hash_name) >= CRYPTO_MAX_ALG_NAME)

			goto out_drop_alg;

	}



	inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;

	inst->alg.base.cra_priority = rsa_alg->base.cra_priority;

CRA Git | Maintained and supported by SUSTech CRA and CCSE