summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2012-01-26 18:13:26 +0100
committerJames Morris <jmorris@namei.org>2012-02-01 14:23:39 +0100
commitb35e286a640f31d619a637332972498b51f3fd90 (patch)
tree66ea75588c31570245b7048693e15c72ce2ded34
parentlib/digsig: additional sanity checks against badly formated key payload (diff)
downloadlinux-b35e286a640f31d619a637332972498b51f3fd90.tar.xz
linux-b35e286a640f31d619a637332972498b51f3fd90.zip
lib/digsig: pkcs_1_v1_5_decode_emsa cleanup
Removed useless 'is_valid' variable in pkcs_1_v1_5_decode_emsa(), which was inhereted from original code. Client now uses return value to check for an error. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--lib/digsig.c35
1 files changed, 10 insertions, 25 deletions
diff --git a/lib/digsig.c b/lib/digsig.c
index 5d840ac64fb1..b67e82c024b3 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -34,14 +34,9 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
unsigned long msglen,
unsigned long modulus_bitlen,
unsigned char *out,
- unsigned long *outlen,
- int *is_valid)
+ unsigned long *outlen)
{
unsigned long modulus_len, ps_len, i;
- int result;
-
- /* default to invalid packet */
- *is_valid = 0;
modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
@@ -50,39 +45,30 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
return -EINVAL;
/* separate encoded message */
- if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) {
- result = -EINVAL;
- goto bail;
- }
+ if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1))
+ return -EINVAL;
for (i = 2; i < modulus_len - 1; i++)
if (msg[i] != 0xFF)
break;
/* separator check */
- if (msg[i] != 0) {
+ if (msg[i] != 0)
/* There was no octet with hexadecimal value 0x00
to separate ps from m. */
- result = -EINVAL;
- goto bail;
- }
+ return -EINVAL;
ps_len = i - 2;
if (*outlen < (msglen - (2 + ps_len + 1))) {
*outlen = msglen - (2 + ps_len + 1);
- result = -EOVERFLOW;
- goto bail;
+ return -EOVERFLOW;
}
*outlen = (msglen - (2 + ps_len + 1));
memcpy(out, &msg[2 + ps_len + 1], *outlen);
- /* valid packet */
- *is_valid = 1;
- result = 0;
-bail:
- return result;
+ return 0;
}
/*
@@ -96,7 +82,7 @@ static int digsig_verify_rsa(struct key *key,
unsigned long len;
unsigned long mlen, mblen;
unsigned nret, l;
- int valid, head, i;
+ int head, i;
unsigned char *out1 = NULL, *out2 = NULL;
MPI in = NULL, res = NULL, pkey[2];
uint8_t *p, *datap, *endp;
@@ -172,10 +158,9 @@ static int digsig_verify_rsa(struct key *key,
memset(out1, 0, head);
memcpy(out1 + head, p, l);
- err = -EINVAL;
- pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len, &valid);
+ err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
- if (valid && len == hlen)
+ if (!err && len == hlen)
err = memcmp(out2, h, hlen);
err: