Message ID | 20190301175918.29694-6-vt@altlinux.org (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Herbert Xu |
Headers | show |
Series | crypto: add EC-RDSA (GOST 34.10) algorithm | expand |
David, Can you please Ack this patch, it changes ASYMMETRIC KEYS tree, and incorporates modifications you requested before. Thanks, On Fri, Mar 01, 2019 at 08:59:12PM +0300, Vitaly Chikunov wrote: > Treat (struct public_key_signature)'s digest same as its signature (s). > Since digest should be already in the kmalloc'd memory do not kmemdup > digest value before calling {public,tpm}_key_verify_signature. > > Patch is split from the previous as suggested by Herbert Xu. > > Suggested-by: David Howells <dhowells@redhat.com> > Cc: David Howells <dhowells@redhat.com> > Cc: keyrings@vger.kernel.org > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > --- > crypto/asymmetric_keys/asym_tpm.c | 10 +--------- > crypto/asymmetric_keys/public_key.c | 9 +-------- > 2 files changed, 2 insertions(+), 17 deletions(-) > > diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c > index 4e5b6fb57a94..402fc34ca044 100644 > --- a/crypto/asymmetric_keys/asym_tpm.c > +++ b/crypto/asymmetric_keys/asym_tpm.c > @@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key, > char alg_name[CRYPTO_MAX_ALG_NAME]; > uint8_t der_pub_key[PUB_KEY_BUF_SIZE]; > uint32_t der_pub_key_len; > - void *digest; > int ret; > > pr_devel("==>%s()\n", __func__); > @@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key, > if (!req) > goto error_free_tfm; > > - ret = -ENOMEM; > - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL); > - if (!digest) > - goto error_free_req; > - > sg_init_table(src_sg, 2); > sg_set_buf(&src_sg[0], sig->s, sig->s_size); > - sg_set_buf(&src_sg[1], digest, sig->digest_size); > + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, > sig->digest_size); > crypto_init_wait(&cwait); > @@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key, > crypto_req_done, &cwait); > ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); > > - kfree(digest); > -error_free_req: > akcipher_request_free(req); > error_free_tfm: > crypto_free_akcipher(tfm); > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index 338f2b5352b1..4dcfe281b898 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -235,7 +235,6 @@ int public_key_verify_signature(const struct public_key *pkey, > struct akcipher_request *req; > struct scatterlist src_sg[2]; > char alg_name[CRYPTO_MAX_ALG_NAME]; > - void *digest; > int ret; > > pr_devel("==>%s()\n", __func__); > @@ -268,14 +267,9 @@ int public_key_verify_signature(const struct public_key *pkey, > if (ret) > goto error_free_req; > > - ret = -ENOMEM; > - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL); > - if (!digest) > - goto error_free_req; > - > sg_init_table(src_sg, 2); > sg_set_buf(&src_sg[0], sig->s, sig->s_size); > - sg_set_buf(&src_sg[1], digest, sig->digest_size); > + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, > sig->digest_size); > crypto_init_wait(&cwait); > @@ -284,7 +278,6 @@ int public_key_verify_signature(const struct public_key *pkey, > crypto_req_done, &cwait); > ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); > > - kfree(digest); > error_free_req: > akcipher_request_free(req); > error_free_tfm: > -- > 2.11.0
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index 4e5b6fb57a94..402fc34ca044 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key, char alg_name[CRYPTO_MAX_ALG_NAME]; uint8_t der_pub_key[PUB_KEY_BUF_SIZE]; uint32_t der_pub_key_len; - void *digest; int ret; pr_devel("==>%s()\n", __func__); @@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key, if (!req) goto error_free_tfm; - ret = -ENOMEM; - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL); - if (!digest) - goto error_free_req; - sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); - sg_set_buf(&src_sg[1], digest, sig->digest_size); + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, sig->digest_size); crypto_init_wait(&cwait); @@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key, crypto_req_done, &cwait); ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); - kfree(digest); -error_free_req: akcipher_request_free(req); error_free_tfm: crypto_free_akcipher(tfm); diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 338f2b5352b1..4dcfe281b898 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -235,7 +235,6 @@ int public_key_verify_signature(const struct public_key *pkey, struct akcipher_request *req; struct scatterlist src_sg[2]; char alg_name[CRYPTO_MAX_ALG_NAME]; - void *digest; int ret; pr_devel("==>%s()\n", __func__); @@ -268,14 +267,9 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_req; - ret = -ENOMEM; - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL); - if (!digest) - goto error_free_req; - sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); - sg_set_buf(&src_sg[1], digest, sig->digest_size); + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, sig->digest_size); crypto_init_wait(&cwait); @@ -284,7 +278,6 @@ int public_key_verify_signature(const struct public_key *pkey, crypto_req_done, &cwait); ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); - kfree(digest); error_free_req: akcipher_request_free(req); error_free_tfm:
Treat (struct public_key_signature)'s digest same as its signature (s). Since digest should be already in the kmalloc'd memory do not kmemdup digest value before calling {public,tpm}_key_verify_signature. Patch is split from the previous as suggested by Herbert Xu. Suggested-by: David Howells <dhowells@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- crypto/asymmetric_keys/asym_tpm.c | 10 +--------- crypto/asymmetric_keys/public_key.c | 9 +-------- 2 files changed, 2 insertions(+), 17 deletions(-)