From patchwork Sat May 6 12:59:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 98756 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp564671qge; Sat, 6 May 2017 06:01:26 -0700 (PDT) X-Received: by 10.84.202.12 with SMTP id w12mr71615899pld.55.1494075686011; Sat, 06 May 2017 06:01:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494075686; cv=none; d=google.com; s=arc-20160816; b=qVVWnZ2nvRil36YQyH1pQZsZehAt6FNuuMiroTDiVeLVpLIW58kQ6yaL5Sv7HWpLF0 8pbqEp/Na3h8ctQ6SLSgAut7P8LO4guKSgHCKV27UeUbppoST+gUzjXGKkv6Z7TKae9S oFaqVkgG5ndyWOo4WfglWzfECb7AaPSwFV/O0jhQj6DjV9yAX2oCaN8YHg1o3MUIwwjp plUY2gmd/apeFLCwcU68In4fIHdOop3joUJu/YjV5OIobly5UxzlfgnOTzPWWw9LU/cM lJDx3ehUMbhQRIhDGV3uhjq+Fgo2UyCVuRohXktydR6BUwSugeS113bZEyJY+ohi5Evw EWPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=bTfka0Wnl8olDQLdCAw5X83RatYfsWKO8KZA9NmWnhc=; b=xU0OCeK6qmZjSkYglRFacV9+9Jb+oHp7WZB3LuQ6HLs1Wnc1NbAY9EEdyi+ZgLYRlo NaFvmcTRpOuLT31p5dm3q6NYvmbrFo2n9g4qMKb24wGsC0SC6f3Hs73AKZAZFO4Pk0aV EOoKaU/c8GtRSyQbI0Pto5SKgcnnBy22Q8a9yY9GNwNaSm8SPaPNKZe+ZNWvJKvNaK/2 MTpGQWYGE450YHR3FfxUB/RziP4/hFvHOzXC5xW6OHEsEgfsafsqyMoJwPD/MIU2cSXz 2Ta3QDNBKR/l2TBWEArlRCOq+AsvkAAn6Q7Pmdm8Oy3AYnCnrThED07R5BHyG35BAyvq 1Vtw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o69si8163261pfj.161.2017.05.06.06.01.25; Sat, 06 May 2017 06:01:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753897AbdEFNAz (ORCPT + 1 other); Sat, 6 May 2017 09:00:55 -0400 Received: from foss.arm.com ([217.140.101.70]:59110 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753494AbdEFNAd (ORCPT ); Sat, 6 May 2017 09:00:33 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0B8871516; Sat, 6 May 2017 06:00:33 -0700 (PDT) Received: from localhost.localdomain (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8C1773F41F; Sat, 6 May 2017 06:00:26 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" , Jonathan Corbet , David Howells , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Shaohua Li , Steve French , "Theodore Y. Ts'o" , Jaegeuk Kim , Mimi Zohar , Dmitry Kasatkin , James Morris , "Serge E. Hallyn" Cc: Ofir Drang , Gilad Ben-Yossef , linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-raid@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-fsdevel@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org Subject: [RFC 02/10] crypto: move pub key to generic async completion Date: Sat, 6 May 2017 15:59:51 +0300 Message-Id: <1494075602-5061-3-git-send-email-gilad@benyossef.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1494075602-5061-1-git-send-email-gilad@benyossef.com> References: <1494075602-5061-1-git-send-email-gilad@benyossef.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org public_key_verify_signature() is starting an async crypto op and waiting for it to complete. Move it over to generic code doing the same. This also fixes a bug in which the code was passing the CRYPTO_TFM_REQ_MAY_BACKLOG flag to akcipher_request_set_callback() but was not correctly testing for -EBUSY return code thus leading to a possible use-after-free if the crypto backlog queue was ever used. Signed-off-by: Gilad Ben-Yossef --- crypto/asymmetric_keys/public_key.c | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) -- 2.1.4 diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index d3a989e..d916235 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -57,29 +57,13 @@ static void public_key_destroy(void *payload0, void *payload3) public_key_signature_free(payload3); } -struct public_key_completion { - struct completion completion; - int err; -}; - -static void public_key_verify_done(struct crypto_async_request *req, int err) -{ - struct public_key_completion *compl = req->data; - - if (err == -EINPROGRESS) - return; - - compl->err = err; - complete(&compl->completion); -} - /* * Verify a signature using a public key. */ int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig) { - struct public_key_completion compl; + struct crypto_wait cwait; struct crypto_akcipher *tfm; struct akcipher_request *req; struct scatterlist sig_sg, digest_sg; @@ -131,20 +115,16 @@ int public_key_verify_signature(const struct public_key *pkey, sg_init_one(&digest_sg, output, outlen); akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size, outlen); - init_completion(&compl.completion); + crypto_init_wait(&cwait); akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, - public_key_verify_done, &compl); + crypto_req_done, &cwait); /* Perform the verification calculation. This doesn't actually do the * verification, but rather calculates the hash expected by the * signature and returns that to us. */ - ret = crypto_akcipher_verify(req); - if (ret == -EINPROGRESS) { - wait_for_completion(&compl.completion); - ret = compl.err; - } + ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); if (ret < 0) goto out_free_output;