Re: [RFC PATCH v4] akcipher: new verify API for public key algorithms

From: Herbert Xu
Date: Fri Feb 01 2019 - 01:27:27 EST

Next message: Shawn Guo: "Re: [v5 2/2] arm64: dts: lx2160a: add sata node support"
Previous message: Dmitry Vyukov: "Re: KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt"
Next in thread: Vitaly Chikunov: "Re: [RFC PATCH v4] akcipher: new verify API for public key algorithms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 25, 2019 at 09:01:16PM +0300, Vitaly Chikunov wrote:
>
> @@ -781,36 +780,17 @@ static int tpm_key_verify_signature(const struct key *key,
> if (!req)
> goto error_free_tfm;
>
> - ret = -ENOMEM;
> - outlen = crypto_akcipher_maxsize(tfm);
> - output = kmalloc(outlen, GFP_KERNEL);
> - if (!output)
> - goto error_free_req;
> -
> - sg_init_one(&sig_sg, sig->s, sig->s_size);
> - sg_init_one(&digest_sg, output, outlen);
> - akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
> - outlen);
> + sg_init_table(&src_sg, 2);
> + sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> + akcipher_request_set_crypt(req, &src_sg, NULL, sig->s_size,
> + sig->digest_size);

It's not clear that sig->digest is guaranteed to be kmalloc memory.
In any case, it's best not to mix unrelated changes in a single
patch. So please keep the kmalloc on output and then copy
sig->digest into it and put output into the SG list.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Shawn Guo: "Re: [v5 2/2] arm64: dts: lx2160a: add sata node support"
Previous message: Dmitry Vyukov: "Re: KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt"
Next in thread: Vitaly Chikunov: "Re: [RFC PATCH v4] akcipher: new verify API for public key algorithms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]