From: Vitaly Chikunov <vt@altlinux.org>
To: Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v9 04/10] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
Date: Thu, 11 Apr 2019 15:51:16 +0000 [thread overview]
Message-ID: <20190411155122.13245-5-vt@altlinux.org> (raw)
In-Reply-To: <20190411155122.13245-1-vt@altlinux.org>
Treat (struct public_key_signature)'s digest same as its signature (s).
Since digest should be already in the kmalloc'd memory do not kmemdup
digest value before calling {public,tpm}_key_verify_signature.
Patch is split from the previous as suggested by Herbert Xu.
Suggested-by: David Howells <dhowells@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
---
crypto/asymmetric_keys/asym_tpm.c | 10 +---------
crypto/asymmetric_keys/public_key.c | 9 +--------
2 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
index 4e5b6fb57a94..402fc34ca044 100644
--- a/crypto/asymmetric_keys/asym_tpm.c
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key,
char alg_name[CRYPTO_MAX_ALG_NAME];
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
uint32_t der_pub_key_len;
- void *digest;
int ret;
pr_devel("=>%s()\n", __func__);
@@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key,
if (!req)
goto error_free_tfm;
- ret = -ENOMEM;
- digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
- if (!digest)
- goto error_free_req;
-
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
- sg_set_buf(&src_sg[1], digest, sig->digest_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
sig->digest_size);
crypto_init_wait(&cwait);
@@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key,
crypto_req_done, &cwait);
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
- kfree(digest);
-error_free_req:
akcipher_request_free(req);
error_free_tfm:
crypto_free_akcipher(tfm);
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0c069fe8a59c..33093b7bcc47 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -229,7 +229,6 @@ int public_key_verify_signature(const struct public_key *pkey,
struct akcipher_request *req;
struct scatterlist src_sg[2];
char alg_name[CRYPTO_MAX_ALG_NAME];
- void *digest;
int ret;
pr_devel("=>%s()\n", __func__);
@@ -262,14 +261,9 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_req;
- ret = -ENOMEM;
- digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
- if (!digest)
- goto error_free_req;
-
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
- sg_set_buf(&src_sg[1], digest, sig->digest_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
sig->digest_size);
crypto_init_wait(&cwait);
@@ -278,7 +272,6 @@ int public_key_verify_signature(const struct public_key *pkey,
crypto_req_done, &cwait);
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
- kfree(digest);
error_free_req:
akcipher_request_free(req);
error_free_tfm:
--
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Vitaly Chikunov <vt@altlinux.org>
To: Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v9 04/10] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
Date: Thu, 11 Apr 2019 18:51:16 +0300 [thread overview]
Message-ID: <20190411155122.13245-5-vt@altlinux.org> (raw)
In-Reply-To: <20190411155122.13245-1-vt@altlinux.org>
Treat (struct public_key_signature)'s digest same as its signature (s).
Since digest should be already in the kmalloc'd memory do not kmemdup
digest value before calling {public,tpm}_key_verify_signature.
Patch is split from the previous as suggested by Herbert Xu.
Suggested-by: David Howells <dhowells@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
---
crypto/asymmetric_keys/asym_tpm.c | 10 +---------
crypto/asymmetric_keys/public_key.c | 9 +--------
2 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
index 4e5b6fb57a94..402fc34ca044 100644
--- a/crypto/asymmetric_keys/asym_tpm.c
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key,
char alg_name[CRYPTO_MAX_ALG_NAME];
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
uint32_t der_pub_key_len;
- void *digest;
int ret;
pr_devel("==>%s()\n", __func__);
@@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key,
if (!req)
goto error_free_tfm;
- ret = -ENOMEM;
- digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
- if (!digest)
- goto error_free_req;
-
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
- sg_set_buf(&src_sg[1], digest, sig->digest_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
sig->digest_size);
crypto_init_wait(&cwait);
@@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key,
crypto_req_done, &cwait);
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
- kfree(digest);
-error_free_req:
akcipher_request_free(req);
error_free_tfm:
crypto_free_akcipher(tfm);
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0c069fe8a59c..33093b7bcc47 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -229,7 +229,6 @@ int public_key_verify_signature(const struct public_key *pkey,
struct akcipher_request *req;
struct scatterlist src_sg[2];
char alg_name[CRYPTO_MAX_ALG_NAME];
- void *digest;
int ret;
pr_devel("==>%s()\n", __func__);
@@ -262,14 +261,9 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_req;
- ret = -ENOMEM;
- digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
- if (!digest)
- goto error_free_req;
-
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
- sg_set_buf(&src_sg[1], digest, sig->digest_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
sig->digest_size);
crypto_init_wait(&cwait);
@@ -278,7 +272,6 @@ int public_key_verify_signature(const struct public_key *pkey,
crypto_req_done, &cwait);
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
- kfree(digest);
error_free_req:
akcipher_request_free(req);
error_free_tfm:
--
2.11.0
next prev parent reply other threads:[~2019-04-11 15:51 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 15:51 [PATCH v9 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 01/10] crypto: akcipher - default implementations for request callbacks Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 02/10] crypto: rsa - unimplement sign/verify for raw RSA backends Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 03/10] crypto: akcipher - new verify API for public key algorithms Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov [this message]
2019-04-11 15:51 ` [PATCH v9 04/10] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 05/10] X.509: parse public key parameters from x509 for akcipher Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 17:18 ` Denis Kenzior
2019-04-11 17:18 ` Denis Kenzior
2019-04-11 21:08 ` Vitaly Chikunov
2019-04-12 3:28 ` Herbert Xu
2019-04-11 15:51 ` [PATCH v9 06/10] crypto: Kconfig - create Public-key cryptography section Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 07/10] crypto: ecc - make ecc into separate module Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 08/10] crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 09/10] crypto: ecrdsa - add EC-RDSA test vectors to testmgr Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 10/10] integrity: support EC-RDSA signatures for asymmetric_verify Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-18 14:25 ` [PATCH v9 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm Herbert Xu
2019-04-18 14:25 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190411155122.13245-5-vt@altlinux.org \
--to=vt@altlinux.org \
--cc=denkenz@gmail.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.