lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 3 Mar 2024 11:34:49 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Lukas Wunner <lukas@...ner.de>
Cc: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        herbert@...dor.apana.org.au, davem@...emloft.net,
        linux-kernel@...r.kernel.org, saulo.alessandre@....jus.br
Subject: Re: [PATCH v4 01/12] crypto: ecdsa - Convert byte arrays with key
 coordinates to digits



On 3/2/24 16:34, Lukas Wunner wrote:
> On Thu, Feb 29, 2024 at 09:19:56PM -0500, Stefan Berger wrote:
>> --- a/crypto/ecdsa.c
>> +++ b/crypto/ecdsa.c
>> @@ -222,9 +222,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
>>   static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen)
>>   {
>>   	struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
>> +	unsigned int digitlen, ndigits;
>>   	const unsigned char *d = key;
>> -	const u64 *digits = (const u64 *)&d[1];
>> -	unsigned int ndigits;
>>   	int ret;
>>   
>>   	ret = ecdsa_ecc_ctx_reset(ctx);
> 
> Hm, the removal of digits isn't strictly necessary.  If you would keep it,
> the patch would become simpler (fewer lines changes).
> 
> 
>> @@ -238,12 +237,17 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
>>   		return -EINVAL;
>>   
>>   	keylen--;
>> -	ndigits = (keylen >> 1) / sizeof(u64);
>> +	digitlen = keylen >> 1;
>> +
>> +	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
> 
> Instead of introducing an additional digitlen variable, you could just
> use keylen.  It seems it's not used in the remainder of the function,
> so modifying it is harmless:
> 
>   	keylen--;
> + 	keylen >>= 1;
> -	ndigits = (keylen >> 1) / sizeof(u64);
> +	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
> 
> Just a suggestion.

I would prefer 'digitlen' rather than repurposing keylen and giving it a 
different meaning...

    Stefan
> 
> Thanks,
> 
> Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ