提交 26d43845 编写于 作者: D Dmitry Kasatkin 提交者: James Morris

digsig: remove unnecessary memory allocation and copying

In existing use case, copying of the decoded data is unnecessary in
pkcs_1_v1_5_decode_emsa. It is just enough to get pointer to the message.
Removing copying and extra buffer allocation.
Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: NJames Morris <james.l.morris@oracle.com>
上级 5a73fcfa
...@@ -30,11 +30,10 @@ ...@@ -30,11 +30,10 @@
static struct crypto_shash *shash; static struct crypto_shash *shash;
static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
unsigned long msglen, unsigned long msglen,
unsigned long modulus_bitlen, unsigned long modulus_bitlen,
unsigned char *out, unsigned long *outlen)
unsigned long *outlen)
{ {
unsigned long modulus_len, ps_len, i; unsigned long modulus_len, ps_len, i;
...@@ -42,11 +41,11 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, ...@@ -42,11 +41,11 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
/* test message size */ /* test message size */
if ((msglen > modulus_len) || (modulus_len < 11)) if ((msglen > modulus_len) || (modulus_len < 11))
return -EINVAL; return NULL;
/* separate encoded message */ /* separate encoded message */
if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) if (msg[0] != 0x00 || msg[1] != 0x01)
return -EINVAL; return NULL;
for (i = 2; i < modulus_len - 1; i++) for (i = 2; i < modulus_len - 1; i++)
if (msg[i] != 0xFF) if (msg[i] != 0xFF)
...@@ -56,19 +55,13 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, ...@@ -56,19 +55,13 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
if (msg[i] != 0) if (msg[i] != 0)
/* There was no octet with hexadecimal value 0x00 /* There was no octet with hexadecimal value 0x00
to separate ps from m. */ to separate ps from m. */
return -EINVAL; return NULL;
ps_len = i - 2; ps_len = i - 2;
if (*outlen < (msglen - (2 + ps_len + 1))) {
*outlen = msglen - (2 + ps_len + 1);
return -EOVERFLOW;
}
*outlen = (msglen - (2 + ps_len + 1)); *outlen = (msglen - (2 + ps_len + 1));
memcpy(out, &msg[2 + ps_len + 1], *outlen);
return 0; return msg + 2 + ps_len + 1;
} }
/* /*
...@@ -83,7 +76,8 @@ static int digsig_verify_rsa(struct key *key, ...@@ -83,7 +76,8 @@ static int digsig_verify_rsa(struct key *key,
unsigned long mlen, mblen; unsigned long mlen, mblen;
unsigned nret, l; unsigned nret, l;
int head, i; int head, i;
unsigned char *out1 = NULL, *out2 = NULL; unsigned char *out1 = NULL;
const char *m;
MPI in = NULL, res = NULL, pkey[2]; MPI in = NULL, res = NULL, pkey[2];
uint8_t *p, *datap, *endp; uint8_t *p, *datap, *endp;
struct user_key_payload *ukp; struct user_key_payload *ukp;
...@@ -120,7 +114,7 @@ static int digsig_verify_rsa(struct key *key, ...@@ -120,7 +114,7 @@ static int digsig_verify_rsa(struct key *key,
} }
mblen = mpi_get_nbits(pkey[0]); mblen = mpi_get_nbits(pkey[0]);
mlen = (mblen + 7)/8; mlen = DIV_ROUND_UP(mblen, 8);
if (mlen == 0) if (mlen == 0)
goto err; goto err;
...@@ -129,10 +123,6 @@ static int digsig_verify_rsa(struct key *key, ...@@ -129,10 +123,6 @@ static int digsig_verify_rsa(struct key *key,
if (!out1) if (!out1)
goto err; goto err;
out2 = kzalloc(mlen, GFP_KERNEL);
if (!out2)
goto err;
nret = siglen; nret = siglen;
in = mpi_read_from_buffer(sig, &nret); in = mpi_read_from_buffer(sig, &nret);
if (!in) if (!in)
...@@ -162,18 +152,15 @@ static int digsig_verify_rsa(struct key *key, ...@@ -162,18 +152,15 @@ static int digsig_verify_rsa(struct key *key,
memset(out1, 0, head); memset(out1, 0, head);
memcpy(out1 + head, p, l); memcpy(out1 + head, p, l);
err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
if (err)
goto err;
if (len != hlen || memcmp(out2, h, hlen)) if (!m || len != hlen || memcmp(m, h, hlen))
err = -EINVAL; err = -EINVAL;
err: err:
mpi_free(in); mpi_free(in);
mpi_free(res); mpi_free(res);
kfree(out1); kfree(out1);
kfree(out2);
while (--i >= 0) while (--i >= 0)
mpi_free(pkey[i]); mpi_free(pkey[i]);
err1: err1:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册