[PATCH v3 2/3] lib/digsig: Use scope-based resource management for two MPI variables in digsig_verify_rsa()

Markus Elfring <Markus.Elfring@xxxxxx> · Sat, 12 Oct 2024 17:08:02 +0200

From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 12 Oct 2024 14:21:28 +0200

The support for scope-based resource management was extended.

* Thus use the attribute “__free(mpi_free)”.

* Reduce the scopes for the local variables “nret”, “in” and “res”.

* Omit two mpi_free() calls accordingly.

* Update jump targets.

Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---

V3:
Applications were added as requested (by Herbert Xu) for the proposed
programming interface extension.


 lib/digsig.c | 80 ++++++++++++++++++++++++++++------------------------
 1 file changed, 43 insertions(+), 37 deletions(-)

diff --git a/lib/digsig.c b/lib/digsig.c
index 04b5e55ed95f..2481120094ab 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -71,11 +71,11 @@ static int digsig_verify_rsa(struct key *key,
 	int err = -EINVAL;
 	unsigned long len;
 	unsigned long mlen, mblen;
-	unsigned nret, l;
+	unsigned int l;
 	int head, i;
 	unsigned char *out1 = NULL;
 	const char *m;
-	MPI in = NULL, res = NULL, pkey[2];
+	MPI pkey[2];
 	uint8_t *p, *datap;
 	const uint8_t *endp;
 	const struct user_key_payload *ukp;
@@ -112,7 +112,7 @@ static int digsig_verify_rsa(struct key *key,
 		pkey[i] = mpi_read_from_buffer(datap, &remaining);
 		if (IS_ERR(pkey[i])) {
 			err = PTR_ERR(pkey[i]);
-			goto err;
+			goto free_keys;
 		}
 		datap += remaining;
 	}
@@ -122,57 +122,63 @@ static int digsig_verify_rsa(struct key *key,

 	if (mlen == 0) {
 		err = -EINVAL;
-		goto err;
+		goto free_keys;
 	}

 	err = -ENOMEM;

 	out1 = kzalloc(mlen, GFP_KERNEL);
 	if (!out1)
-		goto err;
+		goto free_keys;

-	nret = siglen;
-	in = mpi_read_from_buffer(sig, &nret);
-	if (IS_ERR(in)) {
-		err = PTR_ERR(in);
-		goto err;
-	}
+	{
+		unsigned int nret = siglen;
+		MPI in __free(mpi_free) = mpi_read_from_buffer(sig, &nret);

-	res = mpi_alloc(mpi_get_nlimbs(in) * 2);
-	if (!res)
-		goto err;
+		if (IS_ERR(in)) {
+			err = PTR_ERR(in);
+			goto in_exit;
+		}

-	err = mpi_powm(res, in, pkey[1], pkey[0]);
-	if (err)
-		goto err;
+		{
+			MPI res __free(mpi_free) = mpi_alloc(mpi_get_nlimbs(in) * 2);

-	if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
-		err = -EINVAL;
-		goto err;
-	}
+			if (!res)
+				goto res_exit;

-	p = mpi_get_buffer(res, &l, NULL);
-	if (!p) {
-		err = -EINVAL;
-		goto err;
-	}
+			err = mpi_powm(res, in, pkey[1], pkey[0]);
+			if (err)
+				goto res_exit;

-	len = mlen;
-	head = len - l;
-	memset(out1, 0, head);
-	memcpy(out1 + head, p, l);
+			if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
+				err = -EINVAL;
+				goto res_exit;
+			}

-	kfree(p);
+			p = mpi_get_buffer(res, &l, NULL);
+			if (!p) {
+				err = -EINVAL;
+				goto res_exit;
+			}

-	m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
+			len = mlen;
+			head = len - l;
+			memset(out1, 0, head);
+			memcpy(out1 + head, p, l);

-	if (!m || len != hlen || memcmp(m, h, hlen))
-		err = -EINVAL;
+			kfree(p);
+
+			m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
+
+			if (!m || len != hlen || memcmp(m, h, hlen))
+				err = -EINVAL;
+res_exit:
+		}
+in_exit:
+	}

-err:
-	mpi_free(in);
-	mpi_free(res);
 	kfree(out1);
+free_keys:
 	while (--i >= 0)
 		mpi_free(pkey[i]);
 err1:
--
2.46.1









