David, On Thu, Feb 28, 2019 at 06:18:54PM +0000, David Howells wrote: > Vitaly Chikunov <vt@xxxxxxxxxxxx> wrote: > > > + digest = kmemdup(sig->digest, sig->digest_size, GFP_KERNEL); > > + if (!digest) > > You shouldn't need to copy the digest. It's being passed in to the crypto > algorithm, not extracted out. That's how Herbert suggested to do it. Quoting FYI: | On Fri, Feb 01, 2019 at 02:26:55PM +0800, Herbert Xu wrote: | > On Fri, Jan 25, 2019 at 09:01:16PM +0300, Vitaly Chikunov wrote: | > > | > > @@ -781,36 +780,17 @@ static int tpm_key_verify_signature(const struct key *key, | > > if (!req) | > > goto error_free_tfm; | > > | > > - ret = -ENOMEM; | > > - outlen = crypto_akcipher_maxsize(tfm); | > > - output = kmalloc(outlen, GFP_KERNEL); | > > - if (!output) | > > - goto error_free_req; | > > - | > > - sg_init_one(&sig_sg, sig->s, sig->s_size); | > > - sg_init_one(&digest_sg, output, outlen); | > > - akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size, | > > - outlen); | > > + sg_init_table(&src_sg, 2); | > > + sg_set_buf(&src_sg[0], sig->s, sig->s_size); | > > + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); | > > + akcipher_request_set_crypt(req, &src_sg, NULL, sig->s_size, | > > + sig->digest_size); | > | > It's not clear that sig->digest is guaranteed to be kmalloc memory. | > In any case, it's best not to mix unrelated changes in a single | > patch. So please keep the kmalloc on output and then copy | > sig->digest into it and put output into the SG list. > > + if (memcmp(c, outbuf_enc, c_size)) { > > Please use == 0 and != 0 with memcmp() and strcmp(). Their return values are > kind of inverted in sense if you treat them as boolean. OK. Thanks!