From: Vitaly Chikunov <vt@altlinux.org>
To: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 05/11] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
Date: Fri, 22 Mar 2019 22:49:25 +0300 [thread overview]
Message-ID: <20190322194925.w3i2esq6u2zaff2q@altlinux.org> (raw)
In-Reply-To: <20190301175918.29694-6-vt@altlinux.org>
David,
Can you please Ack this patch, it changes ASYMMETRIC KEYS tree, and
incorporates modifications you requested before.
Thanks,
On Fri, Mar 01, 2019 at 08:59:12PM +0300, Vitaly Chikunov wrote:
> Treat (struct public_key_signature)'s digest same as its signature (s).
> Since digest should be already in the kmalloc'd memory do not kmemdup
> digest value before calling {public,tpm}_key_verify_signature.
>
> Patch is split from the previous as suggested by Herbert Xu.
>
> Suggested-by: David Howells <dhowells@redhat.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: keyrings@vger.kernel.org
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
> crypto/asymmetric_keys/asym_tpm.c | 10 +---------
> crypto/asymmetric_keys/public_key.c | 9 +--------
> 2 files changed, 2 insertions(+), 17 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
> index 4e5b6fb57a94..402fc34ca044 100644
> --- a/crypto/asymmetric_keys/asym_tpm.c
> +++ b/crypto/asymmetric_keys/asym_tpm.c
> @@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key,
> char alg_name[CRYPTO_MAX_ALG_NAME];
> uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
> uint32_t der_pub_key_len;
> - void *digest;
> int ret;
>
> pr_devel("==>%s()\n", __func__);
> @@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key,
> if (!req)
> goto error_free_tfm;
>
> - ret = -ENOMEM;
> - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
> - if (!digest)
> - goto error_free_req;
> -
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> - sg_set_buf(&src_sg[1], digest, sig->digest_size);
> + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
> sig->digest_size);
> crypto_init_wait(&cwait);
> @@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key,
> crypto_req_done, &cwait);
> ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
>
> - kfree(digest);
> -error_free_req:
> akcipher_request_free(req);
> error_free_tfm:
> crypto_free_akcipher(tfm);
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index 338f2b5352b1..4dcfe281b898 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -235,7 +235,6 @@ int public_key_verify_signature(const struct public_key *pkey,
> struct akcipher_request *req;
> struct scatterlist src_sg[2];
> char alg_name[CRYPTO_MAX_ALG_NAME];
> - void *digest;
> int ret;
>
> pr_devel("==>%s()\n", __func__);
> @@ -268,14 +267,9 @@ int public_key_verify_signature(const struct public_key *pkey,
> if (ret)
> goto error_free_req;
>
> - ret = -ENOMEM;
> - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
> - if (!digest)
> - goto error_free_req;
> -
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> - sg_set_buf(&src_sg[1], digest, sig->digest_size);
> + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
> sig->digest_size);
> crypto_init_wait(&cwait);
> @@ -284,7 +278,6 @@ int public_key_verify_signature(const struct public_key *pkey,
> crypto_req_done, &cwait);
> ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
>
> - kfree(digest);
> error_free_req:
> akcipher_request_free(req);
> error_free_tfm:
> --
> 2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Vitaly Chikunov <vt@altlinux.org>
To: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 05/11] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
Date: Fri, 22 Mar 2019 19:49:25 +0000 [thread overview]
Message-ID: <20190322194925.w3i2esq6u2zaff2q@altlinux.org> (raw)
In-Reply-To: <20190301175918.29694-6-vt@altlinux.org>
David,
Can you please Ack this patch, it changes ASYMMETRIC KEYS tree, and
incorporates modifications you requested before.
Thanks,
On Fri, Mar 01, 2019 at 08:59:12PM +0300, Vitaly Chikunov wrote:
> Treat (struct public_key_signature)'s digest same as its signature (s).
> Since digest should be already in the kmalloc'd memory do not kmemdup
> digest value before calling {public,tpm}_key_verify_signature.
>
> Patch is split from the previous as suggested by Herbert Xu.
>
> Suggested-by: David Howells <dhowells@redhat.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: keyrings@vger.kernel.org
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
> crypto/asymmetric_keys/asym_tpm.c | 10 +---------
> crypto/asymmetric_keys/public_key.c | 9 +--------
> 2 files changed, 2 insertions(+), 17 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
> index 4e5b6fb57a94..402fc34ca044 100644
> --- a/crypto/asymmetric_keys/asym_tpm.c
> +++ b/crypto/asymmetric_keys/asym_tpm.c
> @@ -748,7 +748,6 @@ static int tpm_key_verify_signature(const struct key *key,
> char alg_name[CRYPTO_MAX_ALG_NAME];
> uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
> uint32_t der_pub_key_len;
> - void *digest;
> int ret;
>
> pr_devel("=>%s()\n", __func__);
> @@ -780,14 +779,9 @@ static int tpm_key_verify_signature(const struct key *key,
> if (!req)
> goto error_free_tfm;
>
> - ret = -ENOMEM;
> - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
> - if (!digest)
> - goto error_free_req;
> -
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> - sg_set_buf(&src_sg[1], digest, sig->digest_size);
> + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
> sig->digest_size);
> crypto_init_wait(&cwait);
> @@ -796,8 +790,6 @@ static int tpm_key_verify_signature(const struct key *key,
> crypto_req_done, &cwait);
> ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
>
> - kfree(digest);
> -error_free_req:
> akcipher_request_free(req);
> error_free_tfm:
> crypto_free_akcipher(tfm);
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index 338f2b5352b1..4dcfe281b898 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -235,7 +235,6 @@ int public_key_verify_signature(const struct public_key *pkey,
> struct akcipher_request *req;
> struct scatterlist src_sg[2];
> char alg_name[CRYPTO_MAX_ALG_NAME];
> - void *digest;
> int ret;
>
> pr_devel("=>%s()\n", __func__);
> @@ -268,14 +267,9 @@ int public_key_verify_signature(const struct public_key *pkey,
> if (ret)
> goto error_free_req;
>
> - ret = -ENOMEM;
> - digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL);
> - if (!digest)
> - goto error_free_req;
> -
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> - sg_set_buf(&src_sg[1], digest, sig->digest_size);
> + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
> sig->digest_size);
> crypto_init_wait(&cwait);
> @@ -284,7 +278,6 @@ int public_key_verify_signature(const struct public_key *pkey,
> crypto_req_done, &cwait);
> ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
>
> - kfree(digest);
> error_free_req:
> akcipher_request_free(req);
> error_free_tfm:
> --
> 2.11.0
next prev parent reply other threads:[~2019-03-22 19:49 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-01 17:59 [PATCH v7 00/11] crypto: add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 01/11] KEYS: report to keyctl only actually supported key ops Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 02/11] crypto: akcipher - check the presence of callback before the call Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-21 11:19 ` Herbert Xu
2019-03-21 11:19 ` Herbert Xu
2019-03-21 11:42 ` Vitaly Chikunov
2019-03-21 11:42 ` Vitaly Chikunov
2019-03-21 12:11 ` Herbert Xu
2019-03-21 12:11 ` Herbert Xu
2019-03-01 17:59 ` [PATCH v7 03/11] crypto: rsa - unimplement sign/verify for raw RSA backends Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-22 19:21 ` Vitaly Chikunov
2019-03-22 20:27 ` Gary R Hook
2019-03-22 22:41 ` Horia Geanta
2019-03-22 22:41 ` Horia Geanta
2019-03-01 17:59 ` [PATCH v7 04/11] crypto: akcipher - new verify API for public key algorithms Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 05/11] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-22 19:49 ` Vitaly Chikunov [this message]
2019-03-22 19:49 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 06/11] X.509: parse public key parameters from x509 for akcipher Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-22 19:42 ` Vitaly Chikunov
2019-03-22 19:42 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 07/11] crypto: Kconfig - create Public-key cryptography section Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 08/11] crypto: ecc - make ecc into separate module Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 09/11] crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 10/11] crypto: ecrdsa - add EC-RDSA test vectors to testmgr Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-01 17:59 ` [PATCH v7 11/11] integrity: support EC-RDSA signatures for asymmetric_verify Vitaly Chikunov
2019-03-01 17:59 ` Vitaly Chikunov
2019-03-22 19:15 ` Vitaly Chikunov
2019-03-22 19:15 ` Vitaly Chikunov
2019-03-22 12:39 ` [PATCH v7 00/11] crypto: add EC-RDSA (GOST 34.10) algorithm Herbert Xu
2019-03-22 12:39 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190322194925.w3i2esq6u2zaff2q@altlinux.org \
--to=vt@altlinux.org \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.