libkmod: remove pkcs7 obj_to_hash_algo()

Switch to using OBJ_obj2txt() to calculate and print the pkcs7 signature hash name. This eliminates the need to duplicate libcrypto NID to name mapping, detect SM3 openssl compile-time support, and enables using any hashes that openssl and kernel know about. For example SHA3 are being added for v6.7 and with this patch are automatically supported. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Link: https://lore.kernel.org/r/20231029010319.157390-1-dimitri.ledkov@canonical.com
2024-11-23 23:10:53 +07:00 · 2023-10-29 03:03:19 +02:00 · 2023-10-29 03:03:19 +02:00 · 510c8b7f74
commit 510c8b7f74
parent 3af2f475b0
2 changed files with 20 additions and 46 deletions
--- a/configure.ac
+++ b/configure.ac
@ -133,13 +133,6 @@ AC_ARG_WITH([openssl],
 AS_IF([test "x$with_openssl" != "xno"], [
 	PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
 	AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
 	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
 		int nid = NID_sm3;]])], [
 		AC_MSG_NOTICE([openssl supports sm3])
 	], [
 		AC_MSG_NOTICE([openssl sm3 support not detected])
 		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
 	])
 	module_signatures="PKCS7 $module_signatures"
 ], [
 	AC_MSG_NOTICE([openssl support not requested])
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@ -127,6 +127,7 @@ struct pkcs7_private {
 	PKCS7 *pkcs7;
 	unsigned char *key_id;
 	BIGNUM *sno;
 	char *hash_algo;
 };
 static void pkcs7_free(void *s)
@ -137,42 +138,11 @@ static void pkcs7_free(void *s)
 	PKCS7_free(pvt->pkcs7);
 	BN_free(pvt->sno);
 	free(pvt->key_id);
 	free(pvt->hash_algo);
 	free(pvt);
 	si->private = NULL;
 }
 static int obj_to_hash_algo(const ASN1_OBJECT *o)
 {
 	int nid;
 	nid = OBJ_obj2nid(o);
 	switch (nid) {
 	case NID_md4:
 		return PKEY_HASH_MD4;
 	case NID_md5:
 		return PKEY_HASH_MD5;
 	case NID_sha1:
 		return PKEY_HASH_SHA1;
 	case NID_ripemd160:
 		return PKEY_HASH_RIPE_MD_160;
 	case NID_sha256:
 		return PKEY_HASH_SHA256;
 	case NID_sha384:
 		return PKEY_HASH_SHA384;
 	case NID_sha512:
 		return PKEY_HASH_SHA512;
 	case NID_sha224:
 		return PKEY_HASH_SHA224;
 # ifndef OPENSSL_NO_SM3
 	case NID_sm3:
 		return PKEY_HASH_SM3;
 # endif
 	default:
 		return -1;
 	}
 	return -1;
 }
 static const char *x509_name_to_str(X509_NAME *name)
 {
 	int i;
@ -219,7 +189,8 @@ static bool fill_pkcs7(const char *mem, off_t size,
 	unsigned char *key_id_str;
 	struct pkcs7_private *pvt;
 	const char *issuer_str;
-	int hash_algo;
+	char *hash_algo;
 	int hash_algo_len;
 	size -= sig_len;
 	pkcs7_raw = mem + size;
@ -278,27 +249,37 @@ static bool fill_pkcs7(const char *mem, off_t size,
 	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
-	hash_algo = obj_to_hash_algo(o);
+	// Use OBJ_obj2txt to calculate string length
-	if (hash_algo < 0)
+	hash_algo_len = OBJ_obj2txt(NULL, 0, o, 0);
 	if (hash_algo_len < 0)
 		goto err3;
-	sig_info->hash_algo = pkey_hash_algo[hash_algo];
+	hash_algo = malloc(hash_algo_len + 1);
-	// hash algo has not been recognized
+	if (hash_algo == NULL)
 	if (sig_info->hash_algo == NULL)
 		goto err3;
 	hash_algo_len = OBJ_obj2txt(hash_algo, hash_algo_len + 1, o, 0);
 	if (hash_algo_len < 0)
 		goto err4;
 	// Assign libcrypto hash algo string or number
 	sig_info->hash_algo = hash_algo;
 	sig_info->id_type = pkey_id_type[modsig->id_type];
 	pvt = malloc(sizeof(*pvt));
 	if (pvt == NULL)
-		goto err3;
+		goto err4;
 	pvt->pkcs7 = pkcs7;
 	pvt->key_id = key_id_str;
 	pvt->sno = sno_bn;
 	pvt->hash_algo = hash_algo;
 	sig_info->private = pvt;
 	sig_info->free = pkcs7_free;
 	return true;
 err4:
 	free(hash_algo);
 err3:
 	free(key_id_str);
 err2: