pkcs7, x509: Rename ->digest to ->m

Rename ->digest and ->digest_len to ->m and ->m_size to represent the input
to the signature verification algorithm, reflecting that ->digest may no
longer actually *be* a digest.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org

diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 348966ea2175c9f470a7c87f1906f4d3747743c1..2326743310b1eeed72b6804af60db2182901c958 100644 (file)
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -593,10 +593,10 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
 {
        struct public_key_signature sig = {
                .s_size         = params->in2_len,
-               .digest_size    = params->in_len,
+               .m_size         = params->in_len,
                .encoding       = params->encoding,
                .hash_algo      = params->hash_algo,
-               .digest         = (void *)in,
+               .m              = (void *)in,
                .s              = (void *)in2,
        };
 

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 6d6475e3a9bf2bd531b76c53ca00bdd149cd42b9..aa085ec6fb1cb4dee995c7a3d16eaaf3564749c2 100644 (file)
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -31,7 +31,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
        kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
 
        /* The digest was calculated already. */
-       if (sig->digest)
+       if (sig->m)
                return 0;
 
        if (!sinfo->sig->hash_algo)
@@ -45,11 +45,11 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
                return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
 
        desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
-       sig->digest_size = crypto_shash_digestsize(tfm);
+       sig->m_size = crypto_shash_digestsize(tfm);
 
        ret = -ENOMEM;
-       sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
-       if (!sig->digest)
+       sig->m = kmalloc(sig->m_size, GFP_KERNEL);
+       if (!sig->m)
                goto error_no_desc;
 
        desc = kzalloc(desc_size, GFP_KERNEL);
@@ -59,11 +59,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
        desc->tfm   = tfm;
 
        /* Digest the message [RFC2315 9.3] */
-       ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
-                                 sig->digest);
+       ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len, sig->m);
        if (ret < 0)
                goto error;
-       pr_devel("MsgDigest = [%*ph]\n", 8, sig->digest);
+       pr_devel("MsgDigest = [%*ph]\n", 8, sig->m);
 
        /* However, if there are authenticated attributes, there must be a
         * message digest attribute amongst them which corresponds to the
@@ -78,14 +77,14 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
                        goto error;
                }
 
-               if (sinfo->msgdigest_len != sig->digest_size) {
+               if (sinfo->msgdigest_len != sig->m_size) {
                        pr_warn("Sig %u: Invalid digest size (%u)\n",
                                sinfo->index, sinfo->msgdigest_len);
                        ret = -EBADMSG;
                        goto error;
                }
 
-               if (memcmp(sig->digest, sinfo->msgdigest,
+               if (memcmp(sig->m, sinfo->msgdigest,
                           sinfo->msgdigest_len) != 0) {
                        pr_warn("Sig %u: Message digest doesn't match\n",
                                sinfo->index);
@@ -98,7 +97,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
                 * convert the attributes from a CONT.0 into a SET before we
                 * hash it.
                 */
-               memset(sig->digest, 0, sig->digest_size);
+               memset(sig->m, 0, sig->m_size);
+
 
                ret = crypto_shash_init(desc);
                if (ret < 0)
@@ -108,10 +108,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
                if (ret < 0)
                        goto error;
                ret = crypto_shash_finup(desc, sinfo->authattrs,
-                                        sinfo->authattrs_len, sig->digest);
+                                        sinfo->authattrs_len, sig->m);
                if (ret < 0)
                        goto error;
-               pr_devel("AADigest = [%*ph]\n", 8, sig->digest);
+               pr_devel("AADigest = [%*ph]\n", 8, sig->m);
        }
 
 error:
@@ -138,8 +138,8 @@ int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
        if (ret)
                return ret;
 
-       *buf = sinfo->sig->digest;
-       *len = sinfo->sig->digest_size;
+       *buf = sinfo->sig->m;
+       *len = sinfo->sig->m_size;
 
        i = match_string(hash_algo_name, HASH_ALGO__LAST,
                         sinfo->sig->hash_algo);

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842bb01469c37396890b46f9b7b1fb9..a46356e0c08b1bccdd42ca42f803be529a3996c0 100644 (file)
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -425,8 +425,7 @@ int public_key_verify_signature(const struct public_key *pkey,
        if (ret)
                goto error_free_key;
 
-       ret = crypto_sig_verify(tfm, sig->s, sig->s_size,
-                               sig->digest, sig->digest_size);
+       ret = crypto_sig_verify(tfm, sig->s, sig->s_size, sig->m, sig->m_size);
 
 error_free_key:
        kfree_sensitive(key);

diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
index 041d04b5c953556d407bf02cd15a018639a29741..f4ec126121b317b6d056f6e92c585ae7e73f3230 100644 (file)
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -28,7 +28,7 @@ void public_key_signature_free(struct public_key_signature *sig)
                for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
                        kfree(sig->auth_ids[i]);
                kfree(sig->s);
-               kfree(sig->digest);
+               kfree(sig->m);
                kfree(sig);
        }
 }

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 79cc7b7a0630b7e90e491b911fcae5b3daaa5719..3854f7ae4ed06fcf860e6c5ff6c975acb0c40b3b 100644 (file)
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -63,11 +63,11 @@ int x509_get_sig_params(struct x509_certificate *cert)
        }
 
        desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
-       sig->digest_size = crypto_shash_digestsize(tfm);
+       sig->m_size = crypto_shash_digestsize(tfm);
 
        ret = -ENOMEM;
-       sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
-       if (!sig->digest)
+       sig->m = kmalloc(sig->m_size, GFP_KERNEL);
+       if (!sig->m)
                goto error;
 
        desc = kzalloc(desc_size, GFP_KERNEL);
@@ -76,9 +76,7 @@ int x509_get_sig_params(struct x509_certificate *cert)
 
        desc->tfm = tfm;
 
-       ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size,
-                                 sig->digest);
-
+       ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size, sig->m);
        if (ret < 0)
                goto error_2;
 

diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 81098e00c08fcbe301e5127ec17948b3230d3381..bd38ba4d217d28f82337e5a894324905ccd4332b 100644 (file)
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -43,9 +43,9 @@ extern void public_key_free(struct public_key *key);
 struct public_key_signature {
        struct asymmetric_key_id *auth_ids[3];
        u8 *s;                  /* Signature */
-       u8 *digest;
+       u8 *m;                  /* Message data to pass to verifier */
        u32 s_size;             /* Number of bytes in signature */
-       u32 digest_size;        /* Number of bytes in digest */
+       u32 m_size;             /* Number of bytes in ->m */
        const char *pkey_algo;
        const char *hash_algo;
        const char *encoding;

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 457c0a396caf32419c4c5f36eb12ee65ee938c84..87be85f477d16b95fdbd6836b03aa107d12c47ee 100644 (file)
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -121,8 +121,8 @@ int asymmetric_verify(struct key *keyring, const char *sig,
                goto out;
        }
 
-       pks.digest = (u8 *)data;
-       pks.digest_size = datalen;
+       pks.m = (u8 *)data;
+       pks.m_size = datalen;
        pks.s = hdr->sig;
        pks.s_size = siglen;
        ret = verify_signature(key, &pks);