~registry/kmod/master

« back to all changes in this revision

Viewing changes to libkmod/libkmod-signature.c

  • Committer: Lucas De Marchi
  • Author(s): Dimitri John Ledkov
  • Date: 2023-11-07 20:05:44 UTC
  • Revision ID: git-v1:510c8b7f7455c6613dd1706e5e41ec7b09cf6703
libkmod: remove pkcs7 obj_to_hash_algo()

Switch to using OBJ_obj2txt() to calculate and print the pkcs7
signature hash name. This eliminates the need to duplicate libcrypto
NID to name mapping, detect SM3 openssl compile-time support, and
enables using any hashes that openssl and kernel know about. For
example SHA3 are being added for v6.7 and with this patch are
automatically supported.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Link: https://lore.kernel.org/r/20231029010319.157390-1-dimitri.ledkov@canonical.com

Show diffs side-by-side

added added

removed removed

Lines of Context:
127
127
        PKCS7 *pkcs7;
128
128
        unsigned char *key_id;
129
129
        BIGNUM *sno;
 
130
        char *hash_algo;
130
131
};
131
132
 
132
133
static void pkcs7_free(void *s)
137
138
        PKCS7_free(pvt->pkcs7);
138
139
        BN_free(pvt->sno);
139
140
        free(pvt->key_id);
 
141
        free(pvt->hash_algo);
140
142
        free(pvt);
141
143
        si->private = NULL;
142
144
}
143
145
 
144
 
static int obj_to_hash_algo(const ASN1_OBJECT *o)
145
 
{
146
 
        int nid;
147
 
 
148
 
        nid = OBJ_obj2nid(o);
149
 
        switch (nid) {
150
 
        case NID_md4:
151
 
                return PKEY_HASH_MD4;
152
 
        case NID_md5:
153
 
                return PKEY_HASH_MD5;
154
 
        case NID_sha1:
155
 
                return PKEY_HASH_SHA1;
156
 
        case NID_ripemd160:
157
 
                return PKEY_HASH_RIPE_MD_160;
158
 
        case NID_sha256:
159
 
                return PKEY_HASH_SHA256;
160
 
        case NID_sha384:
161
 
                return PKEY_HASH_SHA384;
162
 
        case NID_sha512:
163
 
                return PKEY_HASH_SHA512;
164
 
        case NID_sha224:
165
 
                return PKEY_HASH_SHA224;
166
 
# ifndef OPENSSL_NO_SM3
167
 
        case NID_sm3:
168
 
                return PKEY_HASH_SM3;
169
 
# endif
170
 
        default:
171
 
                return -1;
172
 
        }
173
 
        return -1;
174
 
}
175
 
 
176
146
static const char *x509_name_to_str(X509_NAME *name)
177
147
{
178
148
        int i;
219
189
        unsigned char *key_id_str;
220
190
        struct pkcs7_private *pvt;
221
191
        const char *issuer_str;
222
 
        int hash_algo;
 
192
        char *hash_algo;
 
193
        int hash_algo_len;
223
194
 
224
195
        size -= sig_len;
225
196
        pkcs7_raw = mem + size;
278
249
 
279
250
        X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
280
251
 
281
 
        hash_algo = obj_to_hash_algo(o);
282
 
        if (hash_algo < 0)
283
 
                goto err3;
284
 
        sig_info->hash_algo = pkey_hash_algo[hash_algo];
285
 
        // hash algo has not been recognized
286
 
        if (sig_info->hash_algo == NULL)
287
 
                goto err3;
 
252
        // Use OBJ_obj2txt to calculate string length
 
253
        hash_algo_len = OBJ_obj2txt(NULL, 0, o, 0);
 
254
        if (hash_algo_len < 0)
 
255
                goto err3;
 
256
        hash_algo = malloc(hash_algo_len + 1);
 
257
        if (hash_algo == NULL)
 
258
                goto err3;
 
259
        hash_algo_len = OBJ_obj2txt(hash_algo, hash_algo_len + 1, o, 0);
 
260
        if (hash_algo_len < 0)
 
261
                goto err4;
 
262
 
 
263
        // Assign libcrypto hash algo string or number
 
264
        sig_info->hash_algo = hash_algo;
 
265
 
288
266
        sig_info->id_type = pkey_id_type[modsig->id_type];
289
267
 
290
268
        pvt = malloc(sizeof(*pvt));
291
269
        if (pvt == NULL)
292
 
                goto err3;
 
270
                goto err4;
293
271
 
294
272
        pvt->pkcs7 = pkcs7;
295
273
        pvt->key_id = key_id_str;
296
274
        pvt->sno = sno_bn;
 
275
        pvt->hash_algo = hash_algo;
297
276
        sig_info->private = pvt;
298
277
 
299
278
        sig_info->free = pkcs7_free;
300
279
 
301
280
        return true;
 
281
err4:
 
282
        free(hash_algo);
302
283
err3:
303
284
        free(key_id_str);
304
285
err2: