lib/digsig: pkcs_1_v1_5_decode_emsa cleanup
Removed useless 'is_valid' variable in pkcs_1_v1_5_decode_emsa(), which was inhereted from original code. Client now uses return value to check for an error. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Dmitry Kasatkin
James Morris
parent
f58a08152c
commit
b35e286a64
35
lib/digsig.c
35
lib/digsig.c
|
|
@ -34,14 +34,9 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
|
||||||
unsigned long msglen,
|
unsigned long msglen,
|
||||||
unsigned long modulus_bitlen,
|
unsigned long modulus_bitlen,
|
||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
unsigned long *outlen,
|
unsigned long *outlen)
|
||||||
int *is_valid)
|
|
||||||
{
|
{
|
||||||
unsigned long modulus_len, ps_len, i;
|
unsigned long modulus_len, ps_len, i;
|
||||||
int result;
|
|
||||||
|
|
||||||
/* default to invalid packet */
|
|
||||||
*is_valid = 0;
|
|
||||||
|
|
||||||
modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
|
modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
|
||||||
|
|
||||||
|
|
@ -50,39 +45,30 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
/* separate encoded message */
|
/* separate encoded message */
|
||||||
if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) {
|
if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1))
|
||||||
result = -EINVAL;
|
return -EINVAL;
|
||||||
goto bail;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 2; i < modulus_len - 1; i++)
|
for (i = 2; i < modulus_len - 1; i++)
|
||||||
if (msg[i] != 0xFF)
|
if (msg[i] != 0xFF)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* separator check */
|
/* separator check */
|
||||||
if (msg[i] != 0) {
|
if (msg[i] != 0)
|
||||||
/* There was no octet with hexadecimal value 0x00
|
/* There was no octet with hexadecimal value 0x00
|
||||||
to separate ps from m. */
|
to separate ps from m. */
|
||||||
result = -EINVAL;
|
return -EINVAL;
|
||||||
goto bail;
|
|
||||||
}
|
|
||||||
|
|
||||||
ps_len = i - 2;
|
ps_len = i - 2;
|
||||||
|
|
||||||
if (*outlen < (msglen - (2 + ps_len + 1))) {
|
if (*outlen < (msglen - (2 + ps_len + 1))) {
|
||||||
*outlen = msglen - (2 + ps_len + 1);
|
*outlen = msglen - (2 + ps_len + 1);
|
||||||
result = -EOVERFLOW;
|
return -EOVERFLOW;
|
||||||
goto bail;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
*outlen = (msglen - (2 + ps_len + 1));
|
*outlen = (msglen - (2 + ps_len + 1));
|
||||||
memcpy(out, &msg[2 + ps_len + 1], *outlen);
|
memcpy(out, &msg[2 + ps_len + 1], *outlen);
|
||||||
|
|
||||||
/* valid packet */
|
return 0;
|
||||||
*is_valid = 1;
|
|
||||||
result = 0;
|
|
||||||
bail:
|
|
||||||
return result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -96,7 +82,7 @@ static int digsig_verify_rsa(struct key *key,
|
||||||
unsigned long len;
|
unsigned long len;
|
||||||
unsigned long mlen, mblen;
|
unsigned long mlen, mblen;
|
||||||
unsigned nret, l;
|
unsigned nret, l;
|
||||||
int valid, head, i;
|
int head, i;
|
||||||
unsigned char *out1 = NULL, *out2 = NULL;
|
unsigned char *out1 = NULL, *out2 = NULL;
|
||||||
MPI in = NULL, res = NULL, pkey[2];
|
MPI in = NULL, res = NULL, pkey[2];
|
||||||
uint8_t *p, *datap, *endp;
|
uint8_t *p, *datap, *endp;
|
||||||
|
|
@ -172,10 +158,9 @@ static int digsig_verify_rsa(struct key *key,
|
||||||
memset(out1, 0, head);
|
memset(out1, 0, head);
|
||||||
memcpy(out1 + head, p, l);
|
memcpy(out1 + head, p, l);
|
||||||
|
|
||||||
err = -EINVAL;
|
err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
|
||||||
pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len, &valid);
|
|
||||||
|
|
||||||
if (valid && len == hlen)
|
if (!err && len == hlen)
|
||||||
err = memcmp(out2, h, hlen);
|
err = memcmp(out2, h, hlen);
|
||||||
|
|
||||||
err:
|
err:
|
||||||
|
|
|
||||||
Reference in New Issue