| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Nov 2016 15:20:08 +0300
From: Andrey Ryabinin <ryabinin.a.a@...il.com>
To: David Howells <dhowells@...hat.com>
Cc: jmorris@...ei.org, Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-ima-devel@...ts.sourceforge.net
Subject: Re: [PATCH 2/2] MPI: Fix mpi_powm() when exponent is 0 and the result
has no limbs
2016-11-24 14:33 GMT+03:00 David Howells <dhowells@...hat.com>:
> Andrey Ryabinin <ryabinin.a.a@...il.com> wrote:
>
>> > David Howells <dhowells@...hat.com> wrote:
>> >
>> >> + if (!rp) {
>> >> + if (mpi_resize(res, 1) < 0)
>> >
>> > This is better done with RESIZE_IF_NEEDED().
>> >
>>
>> mpi_resize() is equal to RESIZE_IF_NEEDED(), it also checks for allocated space:
>>
>> int mpi_resize(MPI a, unsigned nlimbs)
>> {
>> ....
>> if (nlimbs <= a->alloced)
>> return 0; /* no need to do it */
>
> Hmmm... In that case, should your patch use mpi_resize() rather than
> RESIZE_IF_NEEDED()? It's a trivial case that we should perhaps weed out much
> earlier (ie. reject the key if exp<2 or mod<2), but it would make the object
> file slightly smaller not to do the test twice.
>
Right, it could be mpi_resize(). I realized that these two functions
do the exactly the same thing only after I send the patch.
We could even remove RESIZE_IF_NEEDED() to not confuse people, because
currently it has no users.
> David
Powered by blists - more mailing lists