Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
On Tue, Dec 22, 2015 at 06:23:59AM -0800, Tadeusz Struk wrote: > > What about the first two. This one is completely unrelated. > It only supposed to fix some random configuration issue > reported by a build robot, which isn't really important now. > The other two convert the module verifier to the new API. No this compile breakage was introduced by your first two patches because you changed crypto/public_key.h which is used by entities outside of your patch. So fix your first two patches by not breaking existing users of it. Cheers, -- Email: Herbert XuHome Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
On 12/22/2015 06:33 PM, Herbert Xu wrote: >> What about the first two. This one is completely unrelated. >> > It only supposed to fix some random configuration issue >> > reported by a build robot, which isn't really important now. >> > The other two convert the module verifier to the new API. > No this compile breakage was introduced by your first two patches > because you changed crypto/public_key.h which is used by entities > outside of your patch. > > So fix your first two patches by not breaking existing users > of it. Ok I can see the problem now. I just don't should not include the asymmetric-type.h in the public_key.h and it fixes it. Will send v3 soon. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
On Mon, Dec 21, 2015 at 12:59:59PM -0800, Tadeusz Struk wrote: > > The previous patch was broken, re-sending again, sorry. > > I think there is something missing in this configuration. > cat .config | grep KEXEC_BZIMAGE_VERIFY_SIG gives nothing. > Anyways, this patch should fix it. No this is unacceptable. Please fix it properly by making the header file self-contained, e.g., by using a forward declaration. Cheers, -- Email: Herbert XuHome Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
Hi Herbert On 12/22/2015 04:09 AM, Herbert Xu wrote: > On Mon, Dec 21, 2015 at 12:59:59PM -0800, Tadeusz Struk wrote: >> >> The previous patch was broken, re-sending again, sorry. >> >> I think there is something missing in this configuration. >> cat .config | grep KEXEC_BZIMAGE_VERIFY_SIG gives nothing. >> Anyways, this patch should fix it. > > No this is unacceptable. Please fix it properly by making the > header file self-contained, e.g., by using a forward declaration. What about the first two. This one is completely unrelated. It only supposed to fix some random configuration issue reported by a build robot, which isn't really important now. The other two convert the module verifier to the new API. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
Hi, On 12/19/2015 03:49 PM, kbuild test robot wrote: > Hi Tadeusz, > > [auto build test ERROR on crypto/master] > [also build test ERROR on v4.4-rc5 next-20151218] > > url: > https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-KEYS-convert-public-key-to-akcipher-api/20151213-103429 > base: > https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master > config: x86_64-randconfig-s4-12200710 (attached as .config) > reproduce: > # save the attached .config to linux build tree > make ARCH=x86_64 > > All errors (new ones prefixed by >>): > >In file included from include/crypto/public_key.h:17:0, > from include/linux/verify_pefile.h:15, > from arch/x86/kernel/kexec-bzimage64.c:22: >include/keys/asymmetric-type.h: In function 'asymmetric_key_ids': >>> include/keys/asymmetric-type.h:74:12: error: dereferencing pointer to >>> incomplete type 'const struct key' > return key->payload.data[asym_key_ids]; >^ > > vim +74 include/keys/asymmetric-type.h > > 7901c1a8 David Howells 2014-09-16 68 > size_t len_1, > 7901c1a8 David Howells 2014-09-16 69 > const void *val_2, > 7901c1a8 David Howells 2014-09-16 70 > size_t len_2); > 146aa8b1 David Howells 2015-10-21 71 static inline > 146aa8b1 David Howells 2015-10-21 72 const struct asymmetric_key_ids > *asymmetric_key_ids(const struct key *key) > 146aa8b1 David Howells 2015-10-21 73 { > 146aa8b1 David Howells 2015-10-21 @74 return > key->payload.data[asym_key_ids]; > 146aa8b1 David Howells 2015-10-21 75 } > 7901c1a8 David Howells 2014-09-16 76 > 7901c1a8 David Howells 2014-09-16 77 /* > > :: The code at line 74 was first introduced by commit > :: 146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc KEYS: Merge the type-specific > data with the payload data > > :: TO: David Howells> :: CC: David Howells > The previous patch was broken, re-sending again, sorry. I think there is something missing in this configuration. cat .config | grep KEXEC_BZIMAGE_VERIFY_SIG gives nothing. Anyways, this patch should fix it. ---8<--- From: Tadeusz Struk Fix auto build test ERROR on crypto/master Reported-by: Signed-off-by: Tadeusz Struk diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 0f8a6bb..23aa625 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -19,9 +19,10 @@ #include #include #include +#ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG #include #include - +#endif #include #include #include -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
On 12/19/2015 03:49 PM, kbuild test robot wrote: > Hi Tadeusz, > > [auto build test ERROR on crypto/master] > [also build test ERROR on v4.4-rc5 next-20151218] > > url: > https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-KEYS-convert-public-key-to-akcipher-api/20151213-103429 > base: > https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master > config: x86_64-randconfig-s4-12200710 (attached as .config) > reproduce: > # save the attached .config to linux build tree > make ARCH=x86_64 > > All errors (new ones prefixed by >>): > >In file included from include/crypto/public_key.h:17:0, > from include/linux/verify_pefile.h:15, > from arch/x86/kernel/kexec-bzimage64.c:22: >include/keys/asymmetric-type.h: In function 'asymmetric_key_ids': >>> >> include/keys/asymmetric-type.h:74:12: error: dereferencing pointer to >>> >> incomplete type 'const struct key' > return key->payload.data[asym_key_ids]; >^ > > vim +74 include/keys/asymmetric-type.h > > 7901c1a8 David Howells 2014-09-16 68 > size_t len_1, > 7901c1a8 David Howells 2014-09-16 69 > const void *val_2, > 7901c1a8 David Howells 2014-09-16 70 > size_t len_2); > 146aa8b1 David Howells 2015-10-21 71 static inline > 146aa8b1 David Howells 2015-10-21 72 const struct asymmetric_key_ids > *asymmetric_key_ids(const struct key *key) > 146aa8b1 David Howells 2015-10-21 73 { > 146aa8b1 David Howells 2015-10-21 @74 return > key->payload.data[asym_key_ids]; > 146aa8b1 David Howells 2015-10-21 75 } > 7901c1a8 David Howells 2014-09-16 76 > 7901c1a8 David Howells 2014-09-16 77 /* > > :: The code at line 74 was first introduced by commit > :: 146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc KEYS: Merge the type-specific > data with the payload data > > :: TO: David Howells> :: CC: David Howells I think there is something missing in this configuration. cat .config | grep KEXEC_BZIMAGE_VERIFY_SIG gives nothing. Anyways, this patch should fix it. ---8<--- From: Tadeusz Struk Fix auto build test ERROR on crypto/master Reported-by: Signed-off-by: Tadeusz Struk diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 0f8a6bb..23aa625 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -19,9 +19,10 @@ #include #include #include +#ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG #include #include - +#endif #include #include #include -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
Hi Tadeusz, [auto build test ERROR on crypto/master] [also build test ERROR on v4.4-rc5 next-20151218] url: https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-KEYS-convert-public-key-to-akcipher-api/20151213-103429 base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master config: x86_64-randconfig-s4-12200710 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): In file included from include/crypto/public_key.h:17:0, from include/linux/verify_pefile.h:15, from arch/x86/kernel/kexec-bzimage64.c:22: include/keys/asymmetric-type.h: In function 'asymmetric_key_ids': >> include/keys/asymmetric-type.h:74:12: error: dereferencing pointer to >> incomplete type 'const struct key' return key->payload.data[asym_key_ids]; ^ vim +74 include/keys/asymmetric-type.h 7901c1a8 David Howells 2014-09-16 68 size_t len_1, 7901c1a8 David Howells 2014-09-16 69 const void *val_2, 7901c1a8 David Howells 2014-09-16 70 size_t len_2); 146aa8b1 David Howells 2015-10-21 71 static inline 146aa8b1 David Howells 2015-10-21 72 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key) 146aa8b1 David Howells 2015-10-21 73 { 146aa8b1 David Howells 2015-10-21 @74 return key->payload.data[asym_key_ids]; 146aa8b1 David Howells 2015-10-21 75 } 7901c1a8 David Howells 2014-09-16 76 7901c1a8 David Howells 2014-09-16 77 /* :: The code at line 74 was first introduced by commit :: 146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc KEYS: Merge the type-specific data with the payload data :: TO: David Howells:: CC: David Howells --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
[PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api
This patch converts the module verification code to the new akcipher API. Signed-off-by: Tadeusz Struk--- crypto/asymmetric_keys/Kconfig|2 crypto/asymmetric_keys/Makefile |7 - crypto/asymmetric_keys/pkcs7_parser.c | 12 +- crypto/asymmetric_keys/pkcs7_trust.c |2 crypto/asymmetric_keys/pkcs7_verify.c |2 crypto/asymmetric_keys/public_key.c | 64 +++-- crypto/asymmetric_keys/public_key.h | 36 - crypto/asymmetric_keys/rsa.c | 213 +++-- crypto/asymmetric_keys/x509_cert_parser.c | 37 + crypto/asymmetric_keys/x509_public_key.c | 17 +- crypto/asymmetric_keys/x509_rsakey.asn1 |4 - include/crypto/public_key.h | 49 ++- 12 files changed, 136 insertions(+), 309 deletions(-) delete mode 100644 crypto/asymmetric_keys/public_key.h delete mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1 diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index 4870f28..905d745 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE config PUBLIC_KEY_ALGO_RSA tristate "RSA public-key algorithm" - select MPILIB + select CRYPTO_RSA help This option enables support for the RSA algorithm (PKCS#1, RFC3447). diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index cd1406f..b78a194 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -16,21 +16,18 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o x509_key_parser-y := \ x509-asn1.o \ x509_akid-asn1.o \ - x509_rsakey-asn1.o \ x509_cert_parser.o \ x509_public_key.o $(obj)/x509_cert_parser.o: \ $(obj)/x509-asn1.h \ - $(obj)/x509_akid-asn1.h \ - $(obj)/x509_rsakey-asn1.h + $(obj)/x509_akid-asn1.h + $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h $(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h -$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h clean-files+= x509-asn1.c x509-asn1.h clean-files+= x509_akid-asn1.c x509_akid-asn1.h -clean-files+= x509_rsakey-asn1.c x509_rsakey-asn1.h # # PKCS#7 message handling diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 758acab..12912c1 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -15,7 +15,7 @@ #include #include #include -#include "public_key.h" +#include #include "pkcs7_parser.h" #include "pkcs7-asn1.h" @@ -44,7 +44,7 @@ struct pkcs7_parse_context { static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo) { if (sinfo) { - mpi_free(sinfo->sig.mpi[0]); + kfree(sinfo->sig.s); kfree(sinfo->sig.digest); kfree(sinfo->signing_cert_id); kfree(sinfo); @@ -616,16 +616,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen, const void *value, size_t vlen) { struct pkcs7_parse_context *ctx = context; - MPI mpi; BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA); - mpi = mpi_read_raw_data(value, vlen); - if (!mpi) + ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL); + if (!ctx->sinfo->sig.s) return -ENOMEM; - ctx->sinfo->sig.mpi[0] = mpi; - ctx->sinfo->sig.nr_mpi = 1; + ctx->sinfo->sig.s_size = vlen; return 0; } diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index 90d6d47..3bbdcc7 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -17,7 +17,7 @@ #include #include #include -#include "public_key.h" +#include #include "pkcs7_parser.h" /** diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index 325575c..f5db137 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -16,7 +16,7 @@ #include #include #include -#include "public_key.h" +#include #include "pkcs7_parser.h" /* diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 6db4c01..b383629 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -18,24 +18,16 @@ #include #include #include -#include "public_key.h" +#include MODULE_LICENSE("GPL"); const char *const pkey_algo_name[PKEY_ALGO__LAST] = { - [PKEY_ALGO_DSA] = "DSA", - [PKEY_ALGO_RSA] = "RSA", + [PKEY_ALGO_DSA] = "dsa", + [PKEY_ALGO_RSA] = "rsa", }; EXPORT_SYMBOL_GPL(pkey_algo_name); -const struct public_key_algorithm