From: Nicolai Stange <nicstange@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Tadeusz Struk <tadeusz.struk@intel.com>,
Michal Marek <mmarek@suse.com>,
Andrzej Zaborowski <andrew.zaborowski@intel.com>,
Stephan Mueller <smueller@chronox.de>,
Arnd Bergmann <arnd@arndb.de>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Nicolai Stange <nicstange@gmail.com>
Subject: [PATCH v3 01/14] lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs
Date: Tue, 22 Mar 2016 13:12:35 +0100 [thread overview]
Message-ID: <1458648768-1469-2-git-send-email-nicstange@gmail.com> (raw)
In-Reply-To: <1458648768-1469-1-git-send-email-nicstange@gmail.com>
Currently, if the number of leading zeros is greater than fits into a
complete limb, mpi_write_sgl() skips them by iterating over them limb-wise.
However, it fails to adjust its internal leading zeros tracking variable,
lzeros, accordingly: it does a
p -= sizeof(alimb);
continue;
which should really have been a
lzeros -= sizeof(alimb);
continue;
Since lzeros never decreases if its initial value >= sizeof(alimb), nothing
gets copied by mpi_write_sgl() in that case.
Instead of skipping the high order zero limbs within the loop as shown
above, fix the issue by adjusting the copying loop's bounds.
Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
---
lib/mpi/mpicoder.c | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c
index eb15e7d..6bb52be 100644
--- a/lib/mpi/mpicoder.c
+++ b/lib/mpi/mpicoder.c
@@ -380,7 +380,9 @@ int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned *nbytes,
buf_len = sgl->length;
p2 = sg_virt(sgl);
- for (i = a->nlimbs - 1; i >= 0; i--) {
+ for (i = a->nlimbs - 1 - lzeros / BYTES_PER_MPI_LIMB,
+ lzeros %= BYTES_PER_MPI_LIMB;
+ i >= 0; i--) {
alimb = a->d[i];
p = (u8 *)&alimb2;
#if BYTES_PER_MPI_LIMB == 4
@@ -401,17 +403,12 @@ int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned *nbytes,
#error please implement for this limb size.
#endif
if (lzeros > 0) {
- if (lzeros >= sizeof(alimb)) {
- p -= sizeof(alimb);
- continue;
- } else {
- mpi_limb_t *limb1 = (void *)p - sizeof(alimb);
- mpi_limb_t *limb2 = (void *)p - sizeof(alimb)
- + lzeros;
- *limb1 = *limb2;
- p -= lzeros;
- y = lzeros;
- }
+ mpi_limb_t *limb1 = (void *)p - sizeof(alimb);
+ mpi_limb_t *limb2 = (void *)p - sizeof(alimb)
+ + lzeros;
+ *limb1 = *limb2;
+ p -= lzeros;
+ y = lzeros;
lzeros -= sizeof(alimb);
}
--
2.7.4
next prev parent reply other threads:[~2016-03-22 12:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-22 12:12 [PATCH v3 00/14] lib/mpi: bug fixes and cleanup Nicolai Stange
2016-03-22 12:12 ` Nicolai Stange [this message]
2016-03-22 12:12 ` [PATCH v3 02/14] lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 03/14] lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 04/14] lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 05/14] lib/mpi: mpi_write_sgl(): replace open coded endian conversion Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 06/14] lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 07/14] lib/mpi: mpi_read_buffer(): replace open coded endian conversion Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 08/14] lib/mpi: mpi_read_buffer(): fix buffer overflow Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 09/14] lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 10/14] lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes Nicolai Stange
2016-03-22 12:12 ` [PATCH v3 11/14] lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits Nicolai Stange
2016-03-22 12:17 ` [PATCH v3 12/14] lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation Nicolai Stange
2016-03-22 12:18 ` [PATCH v3 13/14] lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices Nicolai Stange
2016-03-22 12:18 ` [PATCH v3 14/14] lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access Nicolai Stange
2016-04-05 12:47 ` [PATCH v3 00/14] lib/mpi: bug fixes and cleanup Herbert Xu
2016-04-05 12:49 ` Nicolai Stange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1458648768-1469-2-git-send-email-nicstange@gmail.com \
--to=nicstange@gmail.com \
--cc=andrew.zaborowski@intel.com \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mmarek@suse.com \
--cc=smueller@chronox.de \
--cc=tadeusz.struk@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).