Re: [DISCUSSION PATCH 00/41] random: possible ways towards NIST SP800-90B compliance

2020-10-07 Thread Nicolai Stange
Eric Biggers writes: > On Fri, Oct 02, 2020 at 02:38:36PM +0200, Torsten Duwe wrote: >> >> Would some maintainer please comment on potential problems or >> shortcomings? >> > > Well, very few people are experts in the Linux RNG *and* have time to review large > patchsets, especially when three peopl

[RFC PATCH 02/41] random: remove dead code for nbits < 0 in credit_entropy_bits()

2020-09-21 Thread Nicolai Stange
' to the function prologue in order to adhere to C99 rules. Likewise, move the declaration of 's' into the body loop, the only scope it's referenced from. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 69 --- 1 file changed, 32

[RFC PATCH 04/41] random: drop 'reserved' parameter from extract_entropy()

2020-09-21 Thread Nicolai Stange
ract_entropy() as well as from account() called therefrom. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 17 ++--- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 14c39608cc17..35e381be20fe 100644 --- a/drive

[RFC PATCH 09/41] random: protect ->entropy_count with the pool spinlock

2020-09-21 Thread Nicolai Stange
n + store with the ->lock being held. - Make account() grab the ->lock and drop the cmpxchg-retry loop in favor of a plain assignment. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 44 +-- 1 file changed, 30 insertions(+), 14 deletions(

[RFC PATCH 29/41] random: move definition of struct queued_entropy and related API upwards

2020-09-21 Thread Nicolai Stange
ed. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 243 +- 1 file changed, 124 insertions(+), 119 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 680ccc82a436..55e784a5a2ec 100644 --- a/drivers/char/random.c +++

[RFC PATCH 30/41] random: add a queued_entropy instance to struct fast_pool

2020-09-21 Thread Nicolai Stange
that queue with automatic storage duration in add_interrupt_randomness(). Signed-off-by: Nicolai Stange --- drivers/char/random.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 55e784a5a2ec..37746df53acf 100644 --- a

[DISCUSSION PATCH 00/41] random: possible ways towards NIST SP800-90B compliance

2020-09-21 Thread Nicolai Stange
ndomness before reseeding, but a (single) numa crng chained to the primary_crng may produce as much as 8PB before the latter must eventually get reseeded from the input_pool. But AFAICT, a SP800-90A conforming implementation would still have to provide provisions for a blocking extract_crng().

[RFC PATCH 39/41] random: make the startup tests include muliple APT invocations

2020-09-21 Thread Nicolai Stange
ropy_shift, and make it set ->warmup to the larger of 1024 and 4 * 128 / (2^-event_entropy_shift). Adjust all call sites accordingly. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 23 +++ 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/drive

[RFC PATCH 34/41] random: implement the "Adaptive Proportion" NIST SP800-90B health test

2020-09-21 Thread Nicolai Stange
so far. Implement the APT logic and wrap it in a new function, health_test_apt(). Invoke it from health_test_process(). Signed-off-by: Nicolai Stange --- drivers/char/random.c | 56 +-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/dr

[RFC PATCH 40/41] random: trigger startup health test on any failure of the health tests

2020-09-21 Thread Nicolai Stange
e specification of "reseed_interval" in NIST SP800-90A. Thus, it's better to keep the startup health test restart logic consistent for now. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/char/rando

[RFC PATCH 38/41] random: enable NIST SP800-90B startup tests

2020-09-21 Thread Nicolai Stange
with fips_enabled though and there's simply no way to avoid it without violating the specs. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c ind

[RFC PATCH 33/41] random: make health_test_process() maintain the get_cycles() delta

2020-09-21 Thread Nicolai Stange
t() in order to maintain a steady flow of correctly calculated deltas across health test resets. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index cb6441

[RFC PATCH 31/41] random: introduce struct health_test + health_test_reset() placeholders

2020-09-21 Thread Nicolai Stange
gets initialized once before its first usage. Make add_interrupt_randomness call fast_pool_init_accounting() earlier: health test functionality will get invoked before the latter's old location and it must have been initialized by that time. Signed-off-by: Nicolai Stange --- drivers/char/ran

[RFC PATCH 28/41] random: don't award entropy to disk + input events if in FIPS mode

2020-09-21 Thread Nicolai Stange
rom. Make the latter to not dispatch any entropy to the global entropy balance if fips_enabled is on. [1] https://lkml.kernel.org/r/5695397.lov4wx5...@positron.chronox.de Suggested-by: Stephan Müller Signed-off-by: Nicolai Stange --- drivers/char/random.c | 24 ++-- 1 file c

[RFC PATCH 35/41] random: improve the APT's statistical power

2020-09-21 Thread Nicolai Stange
the failure thresholds to the now slightly smaller n2 values. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 58 +-- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 131302cbc495

[RFC PATCH 36/41] random: optimize the APT's presearch

2020-09-21 Thread Nicolai Stange
lt can then be obtained by "shrinking" this intermediate representation back into an u8. In total, the candidate extraction can be achieved within a sequence of seven binops and six shifts. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 71 ---

[RFC PATCH 13/41] random: convert try_to_generate_entropy() to queued_entropy API

2020-09-21 Thread Nicolai Stange
However, in this particular case of try_to_generate_entropy(), jitter is desired and invoking queue_entropy() with its buffer locking etc. from the timer callback could potentially contribute to that. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 42 +

[RFC PATCH 32/41] random: introduce health test stub and wire it up

2020-09-21 Thread Nicolai Stange
e ->lock could eventually be obtained. As actual health tests returning anything but health_none haven't been implemented yet, there is no behavioural change at this point. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 78 +-- 1 file chan

[RFC PATCH 14/41] random: drop __credit_entropy_bits_fast()

2020-09-21 Thread Nicolai Stange
All former call sites of __credit_entropy_bits_fast() have been converted to the new __dispatch_queued_entropy_fast() API. Drop the now unused __credit_entropy_bits_fast(). Signed-off-by: Nicolai Stange --- drivers/char/random.c | 14 -- 1 file changed, 14 deletions(-) diff --git a

[RFC PATCH 37/41] random: implement the "Repetition Count" NIST SP800-90B health test

2020-09-21 Thread Nicolai Stange
RCT are ignored, because - as said, the statistical power is weak and a positive outcome wouldn't tell anything and - it's not desirable to make the caller, i.e. add_interrupt_randomness(), to further queue any entropy once the concurrently running APT has signaled a successful completio

[RFC PATCH 11/41] random: convert add_timer_randomness() to queued_entropy API

2020-09-21 Thread Nicolai Stange
reimplemented on top of the new API before. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index b91d1fc08ac5..e8c86abde901 100644 --- a/drivers/char/random.c +++ b/drivers

[RFC PATCH 27/41] random: increase per-IRQ event entropy estimate if in FIPS mode

2020-09-21 Thread Nicolai Stange
one single bit. Remember that fast_pool_entropy() calculates the amount of entropy contained in a fast_pool, based on the total number of events mixed into it and the estimated entropy per event. [1] https://lkml.kernel.org/r/5695397.lov4wx5...@positron.chronox.de Suggested-by: Stephan Müller

[RFC PATCH 12/41] random: convert add_interrupt_randomness() to queued_entropy API

2020-09-21 Thread Nicolai Stange
reimplemented on top of the new API before. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 28 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index e8c86abde901..bd3774c6be4b 100644 --- a

[RFC PATCH 41/41] random: lower per-IRQ entropy estimate upon health test failure

2020-09-21 Thread Nicolai Stange
->good_tests is > 4 and the entropy had previously been lowered. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index bb79dcb96882..24c09ba9d

[RFC PATCH 17/41] random: drop credit_entropy_bits() and credit_entropy_bits_safe()

2020-09-21 Thread Nicolai Stange
All former call sites of credit_entropy_bits() and credit_entropy_bits_safe() respectively have been converted to the new dispatch_queued_entropy() API. Drop the now unused functions. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 29 + 1 file changed, 1

[RFC PATCH 24/41] init: call time_init() before rand_initialize()

2020-09-21 Thread Nicolai Stange
e(). Note that random_get_entropy() data doesn't get any entropy credit and thus, this issue is not to be considered a bug, but more of an inconsistency. Fixes: d55535232c3d ("random: move rand_initialize() earlier") Signed-off-by: Nicolai Stange --- init/main.c | 2 +- 1 file c

[RFC PATCH 26/41] random: implement support for evaluating larger fast_pool entropies

2020-09-21 Thread Nicolai Stange
it will be wired up in an upcoming commit. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 52 +++ 1 file changed, 52 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index a985ceb22c7c..ac36c56dd135 100644 --- a/drivers/

[RFC PATCH 25/41] random: probe cycle counter resolution at initialization

2020-09-21 Thread Nicolai Stange
le_ctr_resolution() compare 16 successive random_get_entropy() values and disable have_highres_cycle_ctr in case the same value has been read two times in a row. As have_highres_cycle_ctr will be only accessed if fips_enabled is true, make it return early in case it's not set. Signed-off-by: Nicolai

[RFC PATCH 16/41] random: convert random_ioctl() to queued_entropy API

2020-09-21 Thread Nicolai Stange
. As a side effect, the pool entropy watermark as tracked over the duration of the write_pool() operation is now correctly taken into account when calculating the amount of new entropy to dispatch to the pool based on the latter's fill level. Signed-off-by: Nicolai Stange --- drivers

[RFC PATCH 10/41] random: implement support for delayed entropy dispatching

2020-09-21 Thread Nicolai Stange
e that - There are mechanisms in place to limit the effect in magnitude and time. - The watermark can never exceed the total amount of entropy collected so far. So entropy collection at boot time would have to be terribly efficient in order for this to matter. - As seeding the primary_

[RFC PATCH 15/41] random: convert add_hwgenerator_randomness() to queued_entropy API

2020-09-21 Thread Nicolai Stange
correctly taken into account when calculating the amount of new entropy to dispatch to the pool based on the latter's fill level. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers

[RFC PATCH 18/41] random: move arch_get_random_seed() calls in crng_reseed() into own loop

2020-09-21 Thread Nicolai Stange
ing rid of that arch_get_random_long() call currently found in add_interrupt_randomness(), move those arch_get_random_long() calls in crng_reseed() into a separate loop and outside of the crng->lock. There is no functional change. Signed-off-by: Nicolai Stange --- drivers/char/random.c |

[RFC PATCH 22/41] random: introduce arch_has_sp800_90b_random_seed()

2020-09-21 Thread Nicolai Stange
urn true on x86 if the CPU has RDSEED support. Yes, I know, one change per patch, but this is part of a RFC series. Signed-off-by: Nicolai Stange --- arch/arm64/include/asm/archrandom.h | 10 +- arch/powerpc/include/asm/archrandom.h | 5 + arch/s390/include/asm/archrandom.h|

[RFC PATCH 23/41] random: don't award entropy to non-SP800-90B arch RNGs in FIPS mode

2020-09-21 Thread Nicolai Stange
ral RNG. Make crng_reseed() bail out in FIPS mode if the input_pool provides insufficient entropy and any of the arch_get_random_seed_long() invocations fails: there's no statement regarding SP800-90B compliance of arch_get_random_long() and so it can't be used as a backup. Signed-off-b

[RFC PATCH 19/41] random: reintroduce arch_has_random() + arch_has_random_seed()

2020-09-21 Thread Nicolai Stange
("x86: Remove arch_has_random, arch_has_random_seed") Signed-off-by: Nicolai Stange --- arch/arm64/include/asm/archrandom.h | 25 ++--- arch/powerpc/include/asm/archrandom.h | 12 +++- arch/s390/include/asm/archrandom.h| 14 -- ar

[RFC PATCH 20/41] random: provide min_crng_reseed_pool_entropy()

2020-09-21 Thread Nicolai Stange
entropy() and __dispatch_queued_entropy_fast(). Signed-off-by: Nicolai Stange --- drivers/char/random.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 1945249597e0..424de1565927 100644 --- a/drivers/char/random.c +++ b

[RFC PATCH 21/41] random: don't invoke arch_get_random_long() from add_interrupt_randomness()

2020-09-21 Thread Nicolai Stange
tes obtained from the input_pool. Thus, in case failing arch_get_random_long()s in combination with arch_randomness_required set became a problem in the future, it would be better to improve the error path and simply return the unused entropy extracted from t

[RFC PATCH 03/41] random: prune dead assignment to entropy_bits in credit_entropy_bits()

2020-09-21 Thread Nicolai Stange
fter initialization. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index c4b7bdbd460e..14c39608cc17 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.

[RFC PATCH 01/41] random: remove dead code in credit_entropy_bits()

2020-09-21 Thread Nicolai Stange
Since commit 90ea1c6436d2 ("random: remove the blocking pool") the local has_initialized in credit_entropy_bits() won't get set anymore and the corresponding if-clause became dead code. Remove it as well as the has_initialized variable itself from credit_entropy_bits(). Signed-

[RFC PATCH 05/41] random: don't reset entropy to zero on overflow

2020-09-21 Thread Nicolai Stange
_bits() to reset entropy_count to the original value rather than zero on overflow. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 35e381be20fe..6adac462aa0d 100644

[RFC PATCH 07/41] random: let pool_entropy_delta() take nbits in units of 2^-ENTROPY_SHIFT

2020-09-21 Thread Nicolai Stange
pool_entropy_delta()'s nbits argument with nfrac, which used to be a local variable and is expected to be given in units of 2^-ENTROPY_SHIFT. Adapt the single caller, credit_entropy_bits(), accordingly. Signed-off-by: Nicolai Stange --- drivers/char/random.c | 19 ++- 1

[RFC PATCH 08/41] random: introduce __credit_entropy_bits_fast() for hot paths

2020-09-21 Thread Nicolai Stange
seed the primary_crng. Note that unlike it's the case with credit_entropy_bits(), the reseeding won't be possible from within __credit_entropy_bits_fast() anymore once it actually gets invoked with the pool lock being held in the future. There is no functional ch

[RFC PATCH 06/41] random: factor the exponential approximation in credit_entropy_bits() out

2020-09-21 Thread Nicolai Stange
is set to true, the calculation will be terminated after the first iteration, effectively capping the input nbits to one half of the pool size. There is no functional change; callers with 'fast' set to true will be introduced in a future patch. Signed-off-by: Nicolai Stange --- driver

Re: lib/mpi: BUG: sleeping function called from invalid context on next-20160726

2016-07-28 Thread Nicolai Stange
Herbert Xu writes: > On Wed, Jul 27, 2016 at 11:05:05PM +0200, Nicolai Stange wrote: >> >> with linux-next-20160726, I get this: >> >> BUG: sleeping function called from invalid context at >> /mnt/scratch/nic/linux-next/mm/slab.h:388 > > Does this p

lib/mpi: BUG: sleeping function called from invalid context on next-20160726

2016-07-27 Thread Nicolai Stange
Hi, with linux-next-20160726, I get this: BUG: sleeping function called from invalid context at /mnt/scratch/nic/linux-next/mm/slab.h:388 in_atomic(): 1, irqs_disabled(): 0, pid: 369, name: systemd-udevd no locks held by systemd-udevd/369. CPU: 2 PID: 369 Comm: systemd-udevd Not tainted 4.7.

Re: [PATCH 0/5] refactor mpi_read_from_buffer()

2016-05-31 Thread Nicolai Stange
Herbert Xu writes: > On Thu, May 26, 2016 at 11:19:50PM +0200, Nicolai Stange wrote: >> mpi_read_from_buffer() and mpi_read_raw_data() do almost the same and share a >> fair amount of common code. >> >> This patchset attempts to rewrite mpi_read_from_buffer() in orde

[PATCH 2/5] lib/digsig: digsig_verify_rsa(): return -EINVAL if modulo length is zero

2016-05-26 Thread Nicolai Stange
Currently, if digsig_verify_rsa() detects that the modulo's length is zero, i.e. mlen == 0, it returns -ENOMEM which doesn't really fit here. Make digsig_verify_rsa() return -EINVAL upon mlen == 0. Signed-off-by: Nicolai Stange --- lib/digsig.c | 8 +--- 1 file changed, 5 insert

[PATCH 1/5] lib/mpi: mpi_read_from_buffer(): return error code

2016-05-26 Thread Nicolai Stange
_rsa(), check the return value for IS_ERR() rather than == NULL. If IS_ERR() is true, return the associated error value rather than the fixed -ENOMEM. Signed-off-by: Nicolai Stange --- lib/digsig.c | 12 lib/mpi/mpicoder.c | 6 +++--- 2 files changed, 11 insertions(+), 7 delet

[PATCH 5/5] lib/mpi: refactor mpi_read_from_buffer() in terms of mpi_read_raw_data()

2016-05-26 Thread Nicolai Stange
by a call to mpi_read_raw_data(). Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 24 +++- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 2f4d039..e8a5742 100644 --- a/lib/mpi/mpicoder.c +++ b/lib/mpi

[PATCH 3/5] lib/mpi: mpi_read_from_buffer(): return -EINVAL upon too short buffer

2016-05-26 Thread Nicolai Stange
eturn -EINVAL. Get rid of the 'nread' variable: with the new semantics, the total number of bytes read from the input buffer is known in advance. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff

[PATCH 4/5] lib/mpi: mpi_read_from_buffer(): sanitize short buffer printk

2016-05-26 Thread Nicolai Stange
: - Use pr_info() rather than printk() with no loglevel. - Use the format specifiers '%u' in place of '%d'. - Do not print the redundant 'nread' but the more helpful 'nbytes' value. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 4 ++-- 1 file changed

[PATCH 0/5] refactor mpi_read_from_buffer()

2016-05-26 Thread Nicolai Stange
s solely used by the IMA/EVM infrastructure. In my current setup, I don't have any IMA/EVM stuff in place and thus, I can't do any runtime tests without putting *much* effort into it. I would really appreciate if someone with a working IMA/EVM setup could do some brief testing... Nicolai

[PATCH 2/2] lib/mpi: mpi_read_raw_data(): fix nbits calculation

2016-05-26 Thread Nicolai Stange
is by subtracting count_leading_zeros(...) - (BITS_PER_LONG - 8) from nbits only. Fixes: e1045992949 ("MPILIB: Provide a function to read raw data into an MPI") Signed-off-by: Nicolai Stange --- Applicable to linux-next-20150525. lib/mpi/mpicoder.c | 2 +- 1

[PATCH 1/2] lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits

2016-05-26 Thread Nicolai Stange
In mpi_read_raw_data(), unsigned nbits is calculated as follows: nbits = nbytes * 8; and redundantly cleared later on if nbytes == 0: if (nbytes > 0) ... else nbits = 0; Purge this redundant clearing for the sake of clarity. Signed-off-by: Nicolai Stange --- Applicable to li

[PATCH] lib/mpi: purge mpi_set_buffer()

2016-05-26 Thread Nicolai Stange
mpi_set_buffer() has no in-tree users and similar functionality is provided by mpi_read_raw_data(). Remove mpi_set_buffer(). Signed-off-by: Nicolai Stange --- Applicable to linux-next-20150525. allmodconfig build on x86_64 succeeded. include/linux/mpi.h | 1 - lib/mpi/mpicoder.c | 76

Re: [PATCH v3 00/14] lib/mpi: bug fixes and cleanup

2016-04-05 Thread Nicolai Stange
Herbert Xu writes: > On Tue, Mar 22, 2016 at 01:12:34PM +0100, Nicolai Stange wrote: >> Former v2 can be found here: >> >> >> http://lkml.kernel.org/g/1458566775-5239-1-git-send-email-nicsta...@gmail.com >> >> >> This v3 series incorporates

Re: [PATCH] PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument

2016-03-23 Thread Nicolai Stange
Herbert Xu writes: > On Sun, Mar 20, 2016 at 11:23:46PM +0100, Nicolai Stange wrote: >> Despite what the DocBook comment to pkcs7_validate_trust() says, the >> *_trusted argument is never set to false. >> >> pkcs7_validate_trust() only positively sets *_trusted upo

[PATCH v3 14/14] lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access

2016-03-22 Thread Nicolai Stange
ly < BYTES_PER_MPI_LIMB ones, reading some extra bytes from beyond the last SGE's buffer and discarding them afterwards. Fix this issue by purging the extension of len beyond the last input SGE's buffer length. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nico

[PATCH v3 13/14] lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices

2016-03-22 Thread Nicolai Stange
shift offset to x' bounds and let x run from zero to sg->length - 1. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 24a0155..a9f1097 100644 --- a/lib/mp

[PATCH v3 12/14] lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation

2016-03-22 Thread Nicolai Stange
G - 8 too many. Fix this by subtracting count_leading_zeros(...) - (BITS_PER_LONG - 8) from nbits only. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/m

[PATCH v3 05/14] lib/mpi: mpi_write_sgl(): replace open coded endian conversion

2016-03-22 Thread Nicolai Stange
Currently, the endian conversion from CPU order to BE is open coded in mpi_write_sgl(). Replace this by the centrally provided cpu_to_be*() macros. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 27 +++ 1 file changed, 11 insertions(+), 16 deletions(-) diff

[PATCH v3 09/14] lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes

2016-03-22 Thread Nicolai Stange
trivial way and that the len argument is shadowed by a local len variable in several loops, this is just confusing. Rename the len argument to nbytes and get rid of the nbytes local variable. Do the nbytes calculation in place. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 8 1

[PATCH v3 08/14] lib/mpi: mpi_read_buffer(): fix buffer overflow

2016-03-22 Thread Nicolai Stange
be21d8f89d ("lib/mpi: only require buffers as big as needed for the integer") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 13 +++-- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index a999ee1..

[PATCH v3 11/14] lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits

2016-03-22 Thread Nicolai Stange
In mpi_read_raw_from_sgl(), unsigned nbits is calculated as follows: nbits = nbytes * 8; and redundantly cleared later on if nbytes == 0: if (nbytes > 0) ... else nbits = 0; Purge this redundant clearing for the sake of clarity. Signed-off-by: Nicolai Stange --- lib/

[PATCH v3 10/14] lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes

2016-03-22 Thread Nicolai Stange
, equal in number to the extra bytes in nbytes, are left uninitialized. Fix this by adjusting nbytes for each completely zero leading scatterlist entry. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 8 ++-- 1 file changed

[PATCH v3 07/14] lib/mpi: mpi_read_buffer(): replace open coded endian conversion

2016-03-22 Thread Nicolai Stange
Currently, the endian conversion from CPU order to BE is open coded in mpi_read_buffer(). Replace this by the centrally provided cpu_to_be*() macros. Copy from the temporary storage on stack to the destination buffer by means of memcpy(). Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c

[PATCH v3 06/14] lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs

2016-03-22 Thread Nicolai Stange
Currently, if the number of leading zeros is greater than fits into a complete limb, mpi_read_buffer() skips them by iterating over them limb-wise. Instead of skipping the high order zero limbs within the loop as shown above, adjust the copying loop's bounds. Signed-off-by: Nicolai S

[PATCH v3 04/14] lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access

2016-03-22 Thread Nicolai Stange
g the source memory, i.e. alimb2. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 78ec4e1..b05d390 10064

[PATCH v3 03/14] lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic

2016-03-22 Thread Nicolai Stange
Within the copying loop in mpi_write_sgl(), we have if (lzeros) { ... p -= lzeros; y = lzeros; } p = p - (sizeof(alimb) - y); If lzeros == 0, then y == 0, too. Thus, lzeros gets subtracted and added back again to p. Purge this redundancy. Signed-off-by: Nicolai Stange

[PATCH v3 02/14] lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement

2016-03-22 Thread Nicolai Stange
Within the copying loop in mpi_write_sgl(), we have if (lzeros > 0) { ... lzeros -= sizeof(alimb); } However, at this point, lzeros < sizeof(alimb) holds. Make this fact explicit by rewriting the above to if (lzeros) { ... lzeros = 0; } Signed-off-by: Nicolai

[PATCH v3 01/14] lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs

2016-03-22 Thread Nicolai Stange
the copying loop's bounds. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 21 + 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index eb15e7d..6bb52be 10

[PATCH v3 00/14] lib/mpi: bug fixes and cleanup

2016-03-22 Thread Nicolai Stange
1-8/14] former [1-8/8], unchanged. - [9-14/14] Added in v2. Fixes to mpi_read_raw_from_sgl(). Nicolai Stange (14): lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement lib/mpi: mpi_write_sgl(): purge redundant

Re: [PATCH RESEND v2 00/14] lib/mpi: bug fixes and cleanup

2016-03-22 Thread Nicolai Stange
Hi Tadeusz, thank you very much for your quick reply! Tadeusz Struk writes: > On 03/21/2016 06:26 AM, Nicolai Stange wrote: >> This is a resend of v2 with the crypto people properly CC'd. >> >> The original v1 can be found here: >> >> >> http://

[PATCH RESEND v2 04/14] lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access

2016-03-21 Thread Nicolai Stange
g the source memory, i.e. alimb2. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 78ec4e1..b05d390 10064

[PATCH RESEND v2 01/14] lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs

2016-03-21 Thread Nicolai Stange
the copying loop's bounds. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 21 + 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index eb15e7d..6bb52be 10

[PATCH RESEND v2 02/14] lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement

2016-03-21 Thread Nicolai Stange
Within the copying loop in mpi_write_sgl(), we have if (lzeros > 0) { ... lzeros -= sizeof(alimb); } However, at this point, lzeros < sizeof(alimb) holds. Make this fact explicit by rewriting the above to if (lzeros) { ... lzeros = 0; } Signed-off-by: Nicolai

[PATCH RESEND v2 03/14] lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic

2016-03-21 Thread Nicolai Stange
Within the copying loop in mpi_write_sgl(), we have if (lzeros) { ... p -= lzeros; y = lzeros; } p = p - (sizeof(alimb) - y); If lzeros == 0, then y == 0, too. Thus, lzeros gets subtracted and added back again to p. Purge this redundancy. Signed-off-by: Nicolai Stange

[PATCH RESEND v2 07/14] lib/mpi: mpi_read_buffer(): replace open coded endian conversion

2016-03-21 Thread Nicolai Stange
Currently, the endian conversion from CPU order to BE is open coded in mpi_read_buffer(). Replace this by the centrally provided cpu_to_be*() macros. Copy from the temporary storage on stack to the destination buffer by means of memcpy(). Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c

[PATCH RESEND v2 14/14] lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access

2016-03-21 Thread Nicolai Stange
ly < BYTES_PER_MPI_LIMB ones, reading some extra bytes from beyond the last SGE's buffer and discarding them afterwards. Fix this issue by purging the extension of len beyond the last input SGE's buffer length. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nico

[PATCH RESEND v2 11/14] lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits

2016-03-21 Thread Nicolai Stange
In mpi_read_raw_from_sgl(), unsigned nbits is calculated as follows: nbits = nbytes * 8; and redundantly cleared later on if nbytes == 0: if (nbytes > 0) ... else nbits = 0; Purge this redundant clearing for the sake of clarity. Signed-off-by: Nicolai Stange --- lib/

[PATCH RESEND v2 05/14] lib/mpi: mpi_write_sgl(): replace open coded endian conversion

2016-03-21 Thread Nicolai Stange
Currently, the endian conversion from CPU order to BE is open coded in mpi_write_sgl(). Replace this by the centrally provided cpu_to_be*() macros. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 27 +++ 1 file changed, 11 insertions(+), 16 deletions(-) diff

[PATCH RESEND v2 13/14] lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices

2016-03-21 Thread Nicolai Stange
shift offset to x' bounds and let x run from zero to sg->length - 1. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 5d02efe..3f114d2 100644 --- a/lib/mp

[PATCH RESEND v2 10/14] lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes

2016-03-21 Thread Nicolai Stange
, equal in number to the extra bytes in nbytes, are left uninitialized. Fix this by adjusting nbytes for each completely zero leading scatterlist entry. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 8 ++-- 1 file changed

[PATCH RESEND v2 08/14] lib/mpi: mpi_read_buffer(): fix buffer overflow

2016-03-21 Thread Nicolai Stange
be21d8f89d ("lib/mpi: only require buffers as big as needed for the integer") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 13 +++-- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index a999ee1..

[PATCH RESEND v2 09/14] lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes

2016-03-21 Thread Nicolai Stange
trivial way and that the len argument is shadowed by a local len variable in several loops, this is just confusing. Rename the len argument to nbytes and get rid of the nbytes local variable. Do the nbytes calculation in place. Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 8 1

[PATCH RESEND v2 12/14] lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation

2016-03-21 Thread Nicolai Stange
G - 8 too many. Fix this by subtracting count_leading_zeros(...) - (BITS_PER_LONG - 8) from nbits only. Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") Signed-off-by: Nicolai Stange --- lib/mpi/mpicoder.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/m

[PATCH RESEND v2 06/14] lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs

2016-03-21 Thread Nicolai Stange
Currently, if the number of leading zeros is greater than fits into a complete limb, mpi_read_buffer() skips them by iterating over them limb-wise. Instead of skipping the high order zero limbs within the loop as shown above, adjust the copying loop's bounds. Signed-off-by: Nicolai S

[PATCH RESEND v2 00/14] lib/mpi: bug fixes and cleanup

2016-03-21 Thread Nicolai Stange
ich includes the original stuff from v1 plus my new fixes to mpi_read_raw_from_sgl(). Applicable to linux-next-20160318. Changes to v1: - [1-8/14] former [1-8/8], unchanged. - [9-14/14] Added in v2. Fixes to mpi_read_raw_from_sgl(). Nicolai Stange (14): lib/mpi: mpi_write_sgl(): fix

[PATCH] PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument

2016-03-20 Thread Nicolai Stange
The implication is that pkcs7_validate_trust() effectively grants trust when it really shouldn't have. Fix this by explicitly setting *_trusted to false at the very beginning of pkcs7_validate_trust(). Signed-off-by: Nicolai Stange --- Applicable to linux-next-20160318 crypto/asymmetr