From: Dmitry Kasatkin Subject: Re: [RFC v1.1 2/5] crypto: ksign - digital signature verification support Date: Wed, 17 Aug 2011 13:54:16 +0300 Message-ID: <4E4B9DD8.3060303@intel.com> References: <8abcf5f23fc65590340f51399fc2d60cf4e62f30.1313082284.git.dmitry.kasatkin@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: linux-security-module@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com To: James Morris Return-path: Received: from mga10.intel.com ([192.55.52.92]:28341 "EHLO fmsmga102.fm.intel.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752821Ab1HQKxG (ORCPT ); Wed, 17 Aug 2011 06:53:06 -0400 In-Reply-To: Sender: linux-crypto-owner@vger.kernel.org List-ID: On 16/08/11 04:00, James Morris wrote: > On Thu, 11 Aug 2011, Dmitry Kasatkin wrote: > >> +static int ksign_verify_rsa(struct key *key, >> + const char *sig, int siglen, >> + const char *h, int hlen) >> +{ >> + int err = -ENOMEM; >> + unsigned long len; >> + unsigned long mlen, mblen; >> + unsigned nret, l; >> + int valid, head, i; >> + unsigned char *out1 = NULL, *out2 = NULL; >> + MPI in = NULL, res = NULL, pkey[2]; >> + uint8_t *p, *datap, *endp; >> + struct user_key_payload *ukp; >> + struct pubkey_hdr *pkh; >> + >> + down_read(&key->sem); >> + ukp = key->payload.data; >> + pkh = (struct pubkey_hdr *)ukp->data; >> + >> + if (pkh->version != 1) >> + return -EINVAL; >> + >> + if (pkh->algo != PUBKEY_ALGO_RSA) >> + return -EINVAL; > Are you supposed to be still holding key->sem here? > Of course not. that was late addition. Should be goto as in following cases... - Dmitry