Re: [PATCH 2/3] hwrng: exynos - add Samsung Exynos True RNG driver

2017-11-26 Thread Łukasz Stelmach
It was <2017-11-24 Fri 16:25>, when PrasannaKumar Muralidharan wrote: >> +} >> + >> +static int exynos_trng_do_read(struct hwrng *rng, void *data, size_t max, >> + bool wait) >> +{ >> + struct exynos_trng_dev *trng; >> + u32 val; >> + >> + max = max >

[PATCH] X.509: use crypto_shash_digest()

2017-11-26 Thread Eric Biggers
From: Eric Biggers Use crypto_shash_digest() instead of crypto_shash_init() followed by crypto_shash_finup(). (For simplicity only; they are equivalent.) Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/x509_public_key.c | 6 +- 1 file

[PATCH] KEYS: be careful with error codes in public_key_verify_signature()

2017-11-26 Thread Eric Biggers
From: Eric Biggers In public_key_verify_signature(), if akcipher_request_alloc() fails, we return -ENOMEM. But that error code was set 25 lines above, and by accident someone could easily insert new code in between that assigns to 'ret', which would introduce a signature

[PATCH] pkcs7: use crypto_shash_digest()

2017-11-26 Thread Eric Biggers
From: Eric Biggers Use crypto_shash_digest() instead of crypto_shash_init() followed by crypto_shash_finup(). (For simplicity only; they are equivalent.) Signed-off-by: Eric Biggers --- crypto/asymmetric_keys/pkcs7_verify.c | 7 ++- 1 file

[PATCH] pkcs7: fix check for self-signed certificate

2017-11-26 Thread Eric Biggers
From: Eric Biggers pkcs7_validate_trust_one() used 'x509->next == x509' to identify a self-signed certificate. That's wrong; ->next is simply the link in the linked list of certificates in the PKCS#7 message. It should be checking ->signer instead. Fix it. Fortunately

[PATCH] pkcs7: return correct error code if pkcs7_check_authattrs() fails

2017-11-26 Thread Eric Biggers
From: Eric Biggers If pkcs7_check_authattrs() returns an error code, we should pass that error code on, rather than using ENOMEM. Fixes: 99db44350672 ("PKCS#7: Appropriately restrict authenticated attributes and content type") Signed-off-by: Eric Biggers

[PATCH] X.509: fix printing uninitialized stack memory when OID is empty

2017-11-26 Thread Eric Biggers
From: Eric Biggers Callers of sprint_oid() do not check its return value before printing the result. In the case where the OID is zero-length, -EBADMSG was being returned without anything being written to the buffer, resulting in uninitialized stack memory being printed.

[PATCH] X.509: fix buffer overflow detection in sprint_oid()

2017-11-26 Thread Eric Biggers
From: Eric Biggers In sprint_oid(), if the input buffer were to be more than 1 byte too small for the first snprintf(), 'bufsize' would underflow, causing a buffer overflow when printing the remainder of the OID. Fortunately this cannot actually happen currently, because no

[PATCH] X.509: fix comparisons of ->pkey_algo

2017-11-26 Thread Eric Biggers
From: Eric Biggers ->pkey_algo used to be an enum, but was changed to a string by commit 4e8ae72a75aa ("X.509: Make algo identifiers text instead of enum"). But two comparisons were not updated. Fix them to use strcmp(). This bug broke signature verification in certain

[PATCH] X.509: reject invalid BIT STRING for subjectPublicKey

2017-11-26 Thread Eric Biggers
From: Eric Biggers Adding a specially crafted X.509 certificate whose subjectPublicKey ASN.1 value is zero-length caused x509_extract_key_data() to set the public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING metadata byte. Then, x509_cert_parse() called

[PATCH] ASN.1: check for error from ASN1_OP_END__ACT actions

2017-11-26 Thread Eric Biggers
From: Eric Biggers asn1_ber_decoder() was ignoring errors from actions associated with the opcodes ASN1_OP_END_SEQ_ACT, ASN1_OP_END_SET_ACT, ASN1_OP_END_SEQ_OF_ACT, and ASN1_OP_END_SET_OF_ACT. In practice, this meant the pkcs7_note_signed_info() action (since that was the

[PATCH] ASN.1: fix out-of-bounds read when parsing indefinite length item

2017-11-26 Thread Eric Biggers
From: Eric Biggers In asn1_ber_decoder(), indefinitely-sized ASN.1 items were being passed to the action functions before their lengths had been computed, using the bogus length of 0x80 (ASN1_INDEFINITE_LENGTH). This resulted in reading data past the end of the input

Re: [PATCH 1/3] dt-bindings: hwrng: Add Samsung Exynos 5250+ True RNG bindings

2017-11-26 Thread Rob Herring
On Thu, Nov 23, 2017 at 04:09:12PM +0100, Łukasz Stelmach wrote: > Add binding documentation for the True Random Number Generator > found on Samsung Exynos 5250+ SoCs. > > Signed-off-by: Łukasz Stelmach > --- > .../devicetree/bindings/rng/samsung,exynos5250-trng.txt | 17