| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5807.1479987214@warthog.procyon.org.uk>
Date: Thu, 24 Nov 2016 11:33:34 +0000
From: David Howells <dhowells@...hat.com>
To: Andrey Ryabinin <ryabinin.a.a@...il.com>
Cc: dhowells@...hat.com, jmorris@...ei.org,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-ima-devel@...ts.sourceforge.net
Subject: Re: [PATCH 2/2] MPI: Fix mpi_powm() when exponent is 0 and the result has no limbs
Andrey Ryabinin <ryabinin.a.a@...il.com> wrote:
> > David Howells <dhowells@...hat.com> wrote:
> >
> >> + if (!rp) {
> >> + if (mpi_resize(res, 1) < 0)
> >
> > This is better done with RESIZE_IF_NEEDED().
> >
>
> mpi_resize() is equal to RESIZE_IF_NEEDED(), it also checks for allocated space:
>
> int mpi_resize(MPI a, unsigned nlimbs)
> {
> ....
> if (nlimbs <= a->alloced)
> return 0; /* no need to do it */
Hmmm... In that case, should your patch use mpi_resize() rather than
RESIZE_IF_NEEDED()? It's a trivial case that we should perhaps weed out much
earlier (ie. reject the key if exp<2 or mod<2), but it would make the object
file slightly smaller not to do the test twice.
David
Powered by blists - more mailing lists