| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <300a0376-f003-4862-bb16-7e004733c9c1@web.de>
Date: Sat, 12 Oct 2024 17:08:02 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: linux-crypto@...r.kernel.org, kernel-janitors@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Peter Zijlstra <peterz@...radead.org>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: [PATCH v3 2/3] lib/digsig: Use scope-based resource management for
two MPI variables in digsig_verify_rsa()
From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Sat, 12 Oct 2024 14:21:28 +0200
The support for scope-based resource management was extended.
* Thus use the attribute “__free(mpi_free)”.
* Reduce the scopes for the local variables “nret”, “in” and “res”.
* Omit two mpi_free() calls accordingly.
* Update jump targets.
Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
V3:
Applications were added as requested (by Herbert Xu) for the proposed
programming interface extension.
lib/digsig.c | 80 ++++++++++++++++++++++++++++------------------------
1 file changed, 43 insertions(+), 37 deletions(-)
diff --git a/lib/digsig.c b/lib/digsig.c
index 04b5e55ed95f..2481120094ab 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -71,11 +71,11 @@ static int digsig_verify_rsa(struct key *key,
int err = -EINVAL;
unsigned long len;
unsigned long mlen, mblen;
- unsigned nret, l;
+ unsigned int l;
int head, i;
unsigned char *out1 = NULL;
const char *m;
- MPI in = NULL, res = NULL, pkey[2];
+ MPI pkey[2];
uint8_t *p, *datap;
const uint8_t *endp;
const struct user_key_payload *ukp;
@@ -112,7 +112,7 @@ static int digsig_verify_rsa(struct key *key,
pkey[i] = mpi_read_from_buffer(datap, &remaining);
if (IS_ERR(pkey[i])) {
err = PTR_ERR(pkey[i]);
- goto err;
+ goto free_keys;
}
datap += remaining;
}
@@ -122,57 +122,63 @@ static int digsig_verify_rsa(struct key *key,
if (mlen == 0) {
err = -EINVAL;
- goto err;
+ goto free_keys;
}
err = -ENOMEM;
out1 = kzalloc(mlen, GFP_KERNEL);
if (!out1)
- goto err;
+ goto free_keys;
- nret = siglen;
- in = mpi_read_from_buffer(sig, &nret);
- if (IS_ERR(in)) {
- err = PTR_ERR(in);
- goto err;
- }
+ {
+ unsigned int nret = siglen;
+ MPI in __free(mpi_free) = mpi_read_from_buffer(sig, &nret);
- res = mpi_alloc(mpi_get_nlimbs(in) * 2);
- if (!res)
- goto err;
+ if (IS_ERR(in)) {
+ err = PTR_ERR(in);
+ goto in_exit;
+ }
- err = mpi_powm(res, in, pkey[1], pkey[0]);
- if (err)
- goto err;
+ {
+ MPI res __free(mpi_free) = mpi_alloc(mpi_get_nlimbs(in) * 2);
- if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
- err = -EINVAL;
- goto err;
- }
+ if (!res)
+ goto res_exit;
- p = mpi_get_buffer(res, &l, NULL);
- if (!p) {
- err = -EINVAL;
- goto err;
- }
+ err = mpi_powm(res, in, pkey[1], pkey[0]);
+ if (err)
+ goto res_exit;
- len = mlen;
- head = len - l;
- memset(out1, 0, head);
- memcpy(out1 + head, p, l);
+ if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
+ err = -EINVAL;
+ goto res_exit;
+ }
- kfree(p);
+ p = mpi_get_buffer(res, &l, NULL);
+ if (!p) {
+ err = -EINVAL;
+ goto res_exit;
+ }
- m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
+ len = mlen;
+ head = len - l;
+ memset(out1, 0, head);
+ memcpy(out1 + head, p, l);
- if (!m || len != hlen || memcmp(m, h, hlen))
- err = -EINVAL;
+ kfree(p);
+
+ m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
+
+ if (!m || len != hlen || memcmp(m, h, hlen))
+ err = -EINVAL;
+res_exit:
+ }
+in_exit:
+ }
-err:
- mpi_free(in);
- mpi_free(res);
kfree(out1);
+free_keys:
while (--i >= 0)
mpi_free(pkey[i]);
err1:
--
2.46.1
Powered by blists - more mailing lists