From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
sparclinux@vger.kernel.org, x86@kernel.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 20/26] lib/digsig: Use SHA-1 library instead of crypto_shash
Date: Sat, 12 Jul 2025 16:23:11 -0700 [thread overview]
Message-ID: <20250712232329.818226-21-ebiggers@kernel.org> (raw)
In-Reply-To: <20250712232329.818226-1-ebiggers@kernel.org>
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
lib/Kconfig | 3 +--
lib/digsig.c | 46 ++++++----------------------------------------
2 files changed, 7 insertions(+), 42 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 37db228f70a99..670c19800c26c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -561,12 +561,11 @@ config MPILIB
which is used by IMA/EVM digital signature extension.
config SIGNATURE
tristate
depends on KEYS
- select CRYPTO
- select CRYPTO_SHA1
+ select CRYPTO_LIB_SHA1
select MPILIB
help
Digital signature verification. Currently only RSA is supported.
Implementation is done using GnuPG MPI library
diff --git a/lib/digsig.c b/lib/digsig.c
index 04b5e55ed95f5..5ddcc52f76863 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -16,19 +16,15 @@
#include <linux/err.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/key.h>
-#include <linux/crypto.h>
-#include <crypto/hash.h>
#include <crypto/sha1.h>
#include <keys/user-type.h>
#include <linux/mpi.h>
#include <linux/digsig.h>
-static struct crypto_shash *shash;
-
static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
unsigned long msglen,
unsigned long modulus_bitlen,
unsigned long *outlen)
{
@@ -197,16 +193,16 @@ static int digsig_verify_rsa(struct key *key,
*
*/
int digsig_verify(struct key *keyring, const char *sig, int siglen,
const char *data, int datalen)
{
- int err = -ENOMEM;
struct signature_hdr *sh = (struct signature_hdr *)sig;
- struct shash_desc *desc = NULL;
+ struct sha1_ctx ctx;
unsigned char hash[SHA1_DIGEST_SIZE];
struct key *key;
char name[20];
+ int err;
if (siglen < sizeof(*sh) + 2)
return -EINVAL;
if (sh->algo != PUBKEY_ALGO_RSA)
@@ -229,51 +225,21 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen,
if (IS_ERR(key)) {
pr_err("key not found, id: %s\n", name);
return PTR_ERR(key);
}
- desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
- GFP_KERNEL);
- if (!desc)
- goto err;
-
- desc->tfm = shash;
-
- crypto_shash_init(desc);
- crypto_shash_update(desc, data, datalen);
- crypto_shash_update(desc, sig, sizeof(*sh));
- crypto_shash_final(desc, hash);
-
- kfree(desc);
+ sha1_init(&ctx);
+ sha1_update(&ctx, data, datalen);
+ sha1_update(&ctx, sig, sizeof(*sh));
+ sha1_final(&ctx, hash);
/* pass signature mpis address */
err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
hash, sizeof(hash));
-err:
key_put(key);
return err ? -EINVAL : 0;
}
EXPORT_SYMBOL_GPL(digsig_verify);
-static int __init digsig_init(void)
-{
- shash = crypto_alloc_shash("sha1", 0, 0);
- if (IS_ERR(shash)) {
- pr_err("shash allocation failed\n");
- return PTR_ERR(shash);
- }
-
- return 0;
-
-}
-
-static void __exit digsig_cleanup(void)
-{
- crypto_free_shash(shash);
-}
-
-module_init(digsig_init);
-module_exit(digsig_cleanup);
-
MODULE_LICENSE("GPL");
--
2.50.1
next prev parent reply other threads:[~2025-07-12 23:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-12 23:22 [PATCH 00/26] SHA-1 library functions Eric Biggers
2025-07-12 23:22 ` [PATCH 01/26] crypto: x86/sha1 - Rename conflicting symbol Eric Biggers
2025-07-12 23:22 ` [PATCH 02/26] lib/crypto: sha1: Rename sha1_init() to sha1_init_raw() Eric Biggers
2025-07-12 23:22 ` [PATCH 03/26] lib/crypto: sha1: Add SHA-1 library functions Eric Biggers
2025-07-13 15:05 ` Elliott, Robert (Servers)
2025-07-13 16:54 ` Eric Biggers
2025-07-12 23:22 ` [PATCH 04/26] lib/crypto: sha1: Add HMAC support Eric Biggers
2025-07-12 23:22 ` [PATCH 05/26] crypto: sha1 - Wrap library and add " Eric Biggers
2025-07-12 23:22 ` [PATCH 06/26] crypto: sha1 - Use same state format as legacy drivers Eric Biggers
2025-07-12 23:22 ` [PATCH 07/26] lib/crypto: arm/sha1: Migrate optimized code into library Eric Biggers
2025-07-12 23:22 ` [PATCH 08/26] lib/crypto: arm64/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 09/26] lib/crypto: mips/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 10/26] lib/crypto: powerpc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 11/26] lib/crypto: s390/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 12/26] lib/crypto: sparc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 13/26] lib/crypto: x86/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 14/26] crypto: sha1 - Remove sha1_base.h Eric Biggers
2025-07-12 23:23 ` [PATCH 15/26] lib/crypto: tests: Add KUnit tests for SHA-1 and HMAC-SHA1 Eric Biggers
2025-07-12 23:23 ` [PATCH 16/26] bpf: Use sha1() instead of sha1_transform() in bpf_prog_calc_tag() Eric Biggers
2025-07-12 23:23 ` [PATCH 17/26] sctp: Use HMAC-SHA1 and HMAC-SHA256 library functions Eric Biggers
2025-07-12 23:23 ` [PATCH 18/26] ipv6: sr: " Eric Biggers
2025-07-12 23:23 ` [PATCH 19/26] tee: Use SHA-1 library instead of crypto_shash Eric Biggers
2025-07-12 23:23 ` Eric Biggers [this message]
2025-07-12 23:23 ` [PATCH 21/26] drm/bridge: it6505: " Eric Biggers
2025-07-12 23:23 ` [PATCH 22/26] nfc: s3fwrn5: " Eric Biggers
2025-07-12 23:23 ` [PATCH 23/26] ppp: mppe: " Eric Biggers
2025-07-12 23:23 ` [PATCH 24/26] KEYS: trusted_tpm1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 25/26] ipv6: Switch to higher-level SHA-1 functions Eric Biggers
2025-07-12 23:23 ` [PATCH 26/26] lib/crypto: sha1: Remove low-level functions from API Eric Biggers
2025-07-14 5:22 ` [PATCH 00/26] SHA-1 library functions Ard Biesheuvel
2025-07-18 17:24 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250712232329.818226-21-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sparclinux@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).