From: Lukas Wunner <lukas@wunner.de>
To: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Stefan Berger <stefanb@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Vitaly Chikunov <vt@altlinux.org>,
Tadeusz Struk <tstruk@gigaio.com>,
Andrew Zaborowski <andrew.zaborowski@intel.com>,
Saulo Alessandre <saulo.alessandre@tse.jus.br>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH 4/5] crypto: ecdsa - Move X9.62 signature decoding into template
Date: Sat, 3 Aug 2024 12:13:54 +0200 [thread overview]
Message-ID: <Zq4C4ujIZWFnjxJ5@wunner.de> (raw)
In-Reply-To: <20240801175813.000058ad@Huawei.com>
On Thu, Aug 01, 2024 at 05:58:13PM +0100, Jonathan Cameron wrote:
> On Mon, 29 Jul 2024 15:50:00 +0200 Lukas Wunner <lukas@wunner.de> wrote:
> > +static int ecdsa_get_signature_rs(u64 *dest, size_t hdrlen, unsigned char tag,
> > + const void *value, size_t vlen,
> > + unsigned int ndigits)
> > +{
> > + size_t bufsize = ndigits * sizeof(u64);
> > + const char *d = value;
> > +
> > + if (!value || !vlen || vlen > bufsize + 1)
>
> Assuming previous musing correct middle test isn't needed.
> Maybe want to keep it though. Up to you.
The kernel wouldn't crash in the !vlen case because
ecc_digits_from_bytes() can cope with a zero length argument.
However an integer ASN.1 tag with zero length would be illegal I think.
The integer R or S could be very short, but ought to be at least 1 byte
long. asn1_decoder.c does not seem to error out on zero length,
I assume that would be legal at least for *some* tags.
So it does seem prudent to keep the !vlen check.
> > + err = -EINVAL;
> > + if (strncmp(ecdsa_alg->base.cra_name, "ecdsa", 5) != 0)
> > + goto err_free_inst;
> > +
>
> if (cmp(ecdsa_alg->base.cra_name, "ecdsa", 5) != 0) {
> err = -EINVAL;
> goto err_free_inst;
> }
>
> Seems more readable to me.
I'm aware that it looks unusual but in the crypto subsystem
it appears to be a fairly common pattern, so I followed it
to blend in:
First set the return variable to an error code,
then check for an error condition followed by goto.
See e.g.:
__crypto_register_alg() in crypto/algapi.c
software_key_eds_op() in crypto/asymmetric_keys/public_key.c
x509_get_sig_params() in crypto/asymmetric_keys/x509_public_key.c
x509_check_for_self_signed() in crypto/asymmetric_keys/x509_public_key.c
> > + err = akcipher_register_instance(tmpl, inst);
> > + if (err) {
> > +err_free_inst:
> > + ecdsa_x962_free(inst);
> > + }
> > + return err;
>
> I'd rather see a separate error path even if it's a little more code.
>
> if (err)
> goto err_free_inst;
>
> return 0;
>
> err_free_inst:
> ecdsa_x862_free(inst)
> return err;
> > +}
It seems all the existing crypto_templates uniformly follow that
pattern of jumping to an "err_free_inst" label in the
*_register_instance() error path:
$ git grep -C 4 "err_free_inst:" -- crypto/
It seemed unwise to go against the current, so I followed the
existing pattern. Upstream diplomacy. ;)
Thanks,
Lukas
next prev parent reply other threads:[~2024-08-03 10:13 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-29 13:46 [PATCH 0/5] Templatize ecdsa signature decoding Lukas Wunner
2024-07-29 13:47 ` [PATCH 1/5] ASN.1: Add missing include <linux/types.h> Lukas Wunner
2024-07-30 13:50 ` Stefan Berger
2024-08-01 14:42 ` Jonathan Cameron
2024-07-29 13:48 ` [PATCH 2/5] crypto: akcipher - Drop usage of sglists for verify op Lukas Wunner
2024-08-01 16:02 ` Jonathan Cameron
2024-08-02 21:40 ` Lukas Wunner
2024-08-06 5:55 ` Herbert Xu
2024-08-06 8:32 ` Lukas Wunner
2024-08-06 8:58 ` Herbert Xu
2024-08-22 12:25 ` Lukas Wunner
2024-09-06 6:59 ` Herbert Xu
2024-07-29 13:49 ` [PATCH 3/5] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-07-30 13:50 ` Stefan Berger
2024-08-01 16:12 ` Jonathan Cameron
2024-07-29 13:50 ` [PATCH 4/5] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-08-01 16:58 ` Jonathan Cameron
2024-08-03 10:13 ` Lukas Wunner [this message]
2024-07-29 13:51 ` [PATCH 5/5] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-08-01 17:06 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zq4C4ujIZWFnjxJ5@wunner.de \
--to=lukas@wunner.de \
--cc=Jonathan.Cameron@huawei.com \
--cc=andrew.zaborowski@intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=saulo.alessandre@tse.jus.br \
--cc=stefanb@linux.ibm.com \
--cc=tstruk@gigaio.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).