[GIT PULL] KEYS: Miscellaneous bits for security/next
Hi James,

Could you pull this into security/next, please?

The most important patches here are the ones that deal with making the asymmetric key software public key subtype use the akcipher crypto API for the actual public key algorithm. But there are also:

 (1) Allow space to be reserved for extra certificate insertion in the unsigned kernel image.

 (2) Allow modules to be signed with a raw signature.

 (3) Allow utilities to be built with LibreSSL instead of OpenSSL.

 (4) Fix X.509 time & date parsing.

 (5) Use text-based identifiers within the public key code instead of enums.

Plus other small fixes.

Thanks,
David
---
The following changes since commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95:

  Linux 4.5-rc3 (2016-02-07 15:38:30 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-20160303

for you to fetch changes up to 4e8ae72a75aae285ec5b93518b9680da198afd0d:

  X.509: Make algo identifiers text instead of enum (2016-03-03 21:49:27 +)

Keyrings changes for next

Arnd Bergmann (1):
      modsign: hide openssl output in silent builds

Codarren Velvindron (1):
      v2 linux-next scripts/sign-file.c Fix LibreSSL support

Colin Ian King (1):
      PKCS#7: fix unitialized boolean 'want'

David Howells (10):
      KEYS: Add an alloc flag to convey the builtinness of a key
      KEYS: CONFIG_KEYS_DEBUG_PROC_KEYS is no longer an option
      X.509: Fix leap year handling again
      Handle ISO 8601 leap seconds and encodings of midnight in mktime64()
      X.509: Support leap seconds
      X.509: Handle midnight alternative notation in GeneralizedTime
      certs: Fix misaligned data in extra certificate list
      MODSIGN: linux/string.h should be #included to get memcpy()
      akcipher: Move the RSA DER encoding check to the crypto layer
      X.509: Make algo identifiers text instead of enum

Juerg Haefliger (1):
      scripts/sign-file.c: Add support for signing with a raw signature

Marc-Antoine Perennou (1):
      sign-file: fix build with CMS support disabled

Mehmet Kayaalp (2):
      KEYS: Reserve an extra certificate symbol for inserting without recompiling
      KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert

Paul Gortmaker (1):
      security/keys: make big_key.c explicitly non-modular

Tadeusz Struk (4):
      crypto: KEYS: convert public key and digsig asym to the akcipher api
      integrity: convert digsig to akcipher api
      crypto: public_key: remove MPIs from public_key_signature struct
      crypto: Add hash param to pkcs1pad

 arch/arm/configs/colibri_pxa270_defconfig | 1 -
 arch/arm/configs/iop13xx_defconfig | 1 -
 arch/arm/configs/iop32x_defconfig | 1 -
 arch/arm/configs/trizeps4_defconfig | 1 -
 arch/microblaze/configs/mmu_defconfig | 1 -
 arch/microblaze/configs/nommu_defconfig | 1 -
 arch/mips/configs/bigsur_defconfig | 1 -
 arch/mips/configs/ip22_defconfig | 1 -
 arch/mips/configs/ip27_defconfig | 1 -
 arch/mips/configs/ip32_defconfig | 1 -
 arch/mips/configs/jazz_defconfig | 1 -
 arch/mips/configs/lemote2f_defconfig | 1 -
 arch/mips/configs/rm200_defconfig | 1 -
 arch/mips/configs/sb1250_swarm_defconfig | 1 -
 arch/parisc/configs/712_defconfig | 1 -
 arch/parisc/configs/a500_defconfig | 1 -
 arch/parisc/configs/default_defconfig | 1 -
 arch/parisc/configs/generic-32bit_defconfig | 1 -
 arch/powerpc/configs/c2k_defconfig | 1 -
 arch/powerpc/configs/ppc6xx_defconfig | 1 -
 arch/score/configs/spct6600_defconfig | 1 -
 arch/tile/configs/tilegx_defconfig | 1 -
 arch/tile/configs/tilepro_defconfig | 1 -
 arch/x86/configs/i386_defconfig | 1 -
 arch/x86/configs/x86_64_defconfig | 1 -
 certs/Kconfig | 16 ++
 certs/Makefile | 33 ++-
 certs/system_certificates.S | 13 +
 certs/system_keyring.c | 4 +-
 crypto/asymmetric_keys/Kconfig | 7 -
 crypto/asymmetric_keys/Makefile | 8 +-
 crypto/asymmetric_keys/mscode_parser.c | 14 +-
 crypto/asymmetric_keys/pkcs7_parser.c | 32 +--
 crypto/asymmetric_keys/pkcs7_trust.c | 2 +-
 crypto/asymmetric_keys/pkcs7_verify.c | 10 +-
 crypto/asymmetric_keys/public_key.c | 154 +++
 crypto/asymmetric_keys/public_key.h | 36 ---
 crypto/asymmetric_keys/rsa.c | 278 ---
 crypto/asymmetric_keys/verify_pefile.c | 4 +-
 crypto/asymmetric_keys/verify_pefile.h | 2 +-
 crypto/asymmetric_keys/x509_cert_parser.c | 75 ++---
 cr
Re: [PATCH 1/3] Documentation: devicetree: add Freescale RNGC binding
On Mon, Feb 29, 2016 at 04:52:34PM +0100, Steffen Trumtrar wrote:
> Add binding documentation for the Freescale RNGC found on
> some i.MX2/3/5 SoCs.
>
> Signed-off-by: Steffen Trumtrar
> ---
> Documentation/devicetree/bindings/rng/mxc_rngc.txt | 16
> 1 file changed, 16 insertions(+)
> create mode 100644 Documentation/devicetree/bindings/rng/mxc_rngc.txt

Acked-by: Rob Herring
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [GIT PULL] KEYS: Miscellaneous bits for security/next
On Fri, 4 Mar 2016, David Howells wrote:
> Hi James,
>
> Could you pull this into security/next, please?
>

Done.

--
James Morris
Re: [PATCH 1/4] scatterlist: Introduce some helper functions
Hi Robert, On 4 March 2016 at 03:15, Robert Jarzmikwrote: > Baolin Wang writes: > >> @@ -212,6 +212,37 @@ static inline void sg_unmark_end(struct scatterlist *sg) >> } >> >> /** >> + * sg_is_contiguous - Check if the scatterlists are contiguous >> + * @sga: SG entry >> + * @sgb: SG entry >> + * >> + * Description: >> + * If the sga scatterlist is contiguous with the sgb scatterlist, >> + * that means they can be merged together. >> + * >> + **/ >> +static inline bool sg_is_contiguous(struct scatterlist *sga, >> + struct scatterlist *sgb) >> +{ >> + return ((sga->page_link & ~0x3UL) + sga->offset + sga->length == >> + (sgb->page_link & ~0x3UL)); >> +} > I don't understand that one. > sga->page_link is a pointer to a "struct page *". How can it be added to an > offset within a page ??? Ah, sorry that's a mistake. It should check as below: static inline bool sg_is_contiguous(struct scatterlist *sga, struct scatterlist *sgb) { return (unsigned int)sg_virt(sga) + sga->length == (unsigned int)sg_virt(sgb); } 
> >> @@ -370,6 +370,65 @@ int sg_alloc_table(struct sg_table *table, unsigned int >> nents, gfp_t gfp_mask) > ... >> /** >> + * sg_add_sg_to_table - Add one scatterlist into sg table >> + * @sgt: The sg table header to use >> + * @src: The sg need to be added into sg table >> + * >> + * Description: >> + * The 'nents' member indicates how many scatterlists added in the sg >> table. >> + * Copy the @src@ scatterlist into sg table and increase 'nents' member. >> + * >> + **/ >> +int sg_add_sg_to_table(struct sg_table *sgt, struct scatterlist *src) >> +{ >> + unsigned int i = 0, orig_nents = sgt->orig_nents; >> + struct scatterlist *sgl = sgt->sgl; >> + struct scatterlist *sg; >> + >> + /* Check if there are enough space for the new sg to be added */ >> + if (sgt->nents >= sgt->orig_nents) >> + return -EINVAL; > I must admit I don't understand that one either : how do comparing the number > of > "mapped" entries against the number of "allocated" entries determines if there > is enough room ? That's for a dynamic sg table. If there is one sg table allocated 'orig_nents' scatterlists, and we need copy another mapped scatterlist into the sg table if there are some requirements. So we use 'nents' to record how many scatterlists have been copied into the sg table. > >> +/** >> + * sg_alloc_empty_table - Allocate one empty sg table >> + * @sgt: The sg table header to use >> + * @nents: Number of entries in sg list >> + * @gfp_mask:GFP allocation mask >> + * >> + * Description: >> + *Allocate and initialize an sg table. The 'nents' member of sg_table >> + *indicates how many scatterlists added in the sg table. It should set >> + *0 which means there are no scatterlists added in this sg table now. >> + * >> + **/ >> +int sg_alloc_empty_table(struct sg_table *sgt, unsigned int nents, >> + gfp_t gfp_mask) > As for this one, there has to be a purpose for it I fail to see. 
From far away
> it looks exactly like sg_alloc_table(), excepting it "works around" the nents > 0
> protection of __sg_alloc_table().
> What is exactly the need for this one, and if it's useful why not simply
> changing the __sg_alloc_table() "nents > 0" test and see what the outcome of the
> review will be ?

Like I said above. If we want to copy some mapped scatterlists into one sg table, we should set the 'nents' to 0 to indicate how many scatterlists copied in the sg table.

Thanks for your comments.

>
> Cheers.
>
> --
> Robert

--
Baolin.wang
Best Regards
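Review bot: In sg_is_contiguous(), the replacement posted in this reply casts both sg_virt() results to unsigned int, which drops the upper half of the address on a 64-bit build: two entries whose addresses differ by a multiple of 4 GiB would compare as adjacent, and the sum can wrap. Keep the arithmetic at pointer width, for example by casting to unsigned long, before a v2 goes out.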
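Review bot: In sg_add_sg_to_table(), the local orig_nents is initialised from sgt->orig_nents, yet the capacity check right below it reads sgt->orig_nents again; use the local or drop it. The kernel-doc should also say that this helper treats 'nents' as a fill count against 'orig_nents', which is the question the review raised and which only holds for a table created by sg_alloc_empty_table(), and "@src@" in the description should read "@src".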
Re: [PATCH] vti6: Add pmtu handling to vti6_xmit.
On Wed, Feb 24, 2016 at 09:37:39PM +, Mark McKinstry wrote:
> On 19/02/16 01:19, Steffen Klassert wrote:
> > On Thu, Feb 18, 2016 at 01:40:00AM +, Mark McKinstry wrote:
> >> This patch fixes our issue, thanks. In our scenario the tunnel path MTU
> >> now gets updated so that subsequent large packets sent over the tunnel
> >> get fragmented correctly.
> > I've applied this patch to the ipsec tree now.
> > Thanks for testing!
> I spoke too soon. Upon further testing with this patch we have found it causes
> a skt buffer leak. This is problematic for us and can cause memory exhaustion in
> one of our test scenarios that has an IPv4 IPsec tunnel over a PPP link.

The patch below is what I plan to apply on top of the original patch.

Subject: [PATCH] vti: Fix recource leeks on pmtu discovery

A recent patch introduced pmtu handling directly in the vti transmit routine. Unfortunately we now return without releasing the dst_entry and freeing the sk_buff. This patch fixes the issue.

Fixes: 325b71fe0f57 ("vti: Add pmtu handling to vti_xmit.")
Reported-by: Mark McKinstry
Signed-off-by: Steffen Klassert
---
net/ipv4/ip_vti.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index 6862305..2ea2b6e 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -206,7 +206,8 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev, else icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); - return -EMSGSIZE; + dst_release(dst); + goto tx_error; } err = dst_output(tunnel->net, skb->sk, skb); -- 1.9.1
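Review bot: The too-big branch in vti_xmit() now jumps to tx_error, which lies outside the hunk's context, so the commit message should say that tx_error is where the sk_buff is freed; the visible change only shows dst_release(dst) being added. It is also worth noting in the message that the removed "return -EMSGSIZE;" handed an errno back from a function declared netdev_tx_t. The subject carries two typos ("recource leeks" for "resource leaks"), and since this thread started from the vti6 patch, please confirm whether the matching branch in vti6_xmit needs the same two lines.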
Re: [PATCH 0/3] KEYS: Use crypto rsa pkcs1pad module for software public keys
On Mon, Feb 29, 2016 at 09:32:08AM +, David Howells wrote:
> Herbert Xu wrote:
>
> > David Howells wrote:
> > >
> > > Here's a set of patches that change the software public key asymmetric key
> > > subtype to use the RSA pkcs1pad module in the crypto layer. I've merged
> > > together mine and Tadeusz's patches.
> > >
> > > I have not included Tadeusz's original three patches that converted to
> > > using the raw rsa module in this set, but they're prerequisites for this.
> >
> > Looks OK to me. Where do you want these patches to go?
>
> Can I turn that into a Reviewed-by? I'll take them through my tree and
> James's tree.

Of course.

Acked-by: Herbert Xu
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH V2] crypto: implement DH primitives under akcipher API
Hi Salvatore,

> Implement Diffie-Hellman primitives required by the scheme under the
> akcipher API. Here is how it works.
> 1) Call set_pub_key() by passing DH parameters (p,g) in PKCS3 format
> 2) Call set_priv_key() to set your own private key (xa) in raw format
> 3) Call decrypt() without passing any data as input to get back the
>    public part which will be computed as g^xa mod p
> 4) Call encrypt() by passing the counter part public key (yb) in raw format
>    as input to get back the shared secret calculated as zz = yb^xa mod p

I am still not convinced that akcipher is a good match for key exchange methods. I think we should try to introduce a new abstraction here.

Overloading set_pub_key() with DH params and using decrypt() for private/public key pair generation seems not a good fit. It does not really match.

And as I said before, we know for certain that ECDH has to happen as well. So we need to forward look into making that fit as well.

Regards

Marcel
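The four-step sequence quoted above, modelled in userspace C as an added example; it is not code from the patch or the kernel. The function names, the merged setup step, the plain (non-PKCS3) parameters, the toy values and the range check on yb are all assumptions of this example.

```c
/* Userspace model; all names are hypothetical, not the kernel akcipher API. */
#include <stdint.h>
#include <stdio.h>

struct dh_ctx { uint64_t p, g, xa; };

/* Square-and-multiply; 128-bit intermediates keep the products exact. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod)
{
	uint64_t r = 1;

	for (base %= mod; exp; exp >>= 1) {
		if (exp & 1)
			r = (uint64_t)((unsigned __int128)r * base % mod);
		base = (uint64_t)((unsigned __int128)base * base % mod);
	}
	return r;
}

/* Steps 1 and 2: set (p, g), plain here rather than PKCS3, then xa. */
static int dh_setup(struct dh_ctx *c, uint64_t p, uint64_t g, uint64_t xa)
{
	if (p < 5 || g < 2 || g > p - 2 || xa < 2 || xa > p - 2)
		return -1;
	c->p = p; c->g = g; c->xa = xa;
	return 0;
}

/* Step 3: ya = g^xa mod p, the value sent to the peer. */
static uint64_t dh_public(const struct dh_ctx *c)
{
	return modexp(c->g, c->xa, c->p);
}

/* Step 4: zz = yb^xa mod p. The range check is this example's addition:
 * a yb of 0, 1 or p-1 would pin zz to a value an observer can guess. */
static int dh_shared(const struct dh_ctx *c, uint64_t yb, uint64_t *zz)
{
	if (yb < 2 || yb > c->p - 2)
		return -1;
	*zz = modexp(yb, c->xa, c->p);
	return 0;
}

/* Run both sides; returns the agreed secret, or 0 if any step fails. */
uint64_t dh_model_exchange(uint64_t p, uint64_t g, uint64_t xa, uint64_t xb)
{
	struct dh_ctx a, b;
	uint64_t za, zb;

	if (dh_setup(&a, p, g, xa) || dh_setup(&b, p, g, xb) ||
	    dh_shared(&a, dh_public(&b), &za) ||
	    dh_shared(&b, dh_public(&a), &zb))
		return 0;
	return za == zb ? za : 0;
}

/* 1 if step 4 refuses the peer value yb, 0 if it accepts, -1 on bad setup. */
int dh_model_rejects(uint64_t p, uint64_t g, uint64_t xa, uint64_t yb)
{
	struct dh_ctx a;
	uint64_t zz;

	if (dh_setup(&a, p, g, xa))
		return -1;
	return dh_shared(&a, yb, &zz) != 0;
}

int main(void)
{
	/* Constructed toy values: p = 23, g = 5, xa = 4, xb = 3. */
	printf("zz = %llu\n", (unsigned long long)dh_model_exchange(23, 5, 4, 3));
	printf("yb = 1 refused: %d\n", dh_model_rejects(23, 5, 4, 1));
	return 0;
}
```

The 64-bit values only keep the model short; real DH uses multi-precision integers of the sizes the patch takes from RFC 3526.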
Re: [PATCH] crypto/async_pq: use __free_page() instead of put_page()
On Tue, Mar 01, 2016 at 10:54:50PM +0900, Joonsoo Kim wrote:
> 2016-03-01 3:04 GMT+09:00 Dan Williams:
> > On Mon, Feb 29, 2016 at 1:33 AM, Arnd Bergmann wrote:
> >> The addition of tracepoints to the page reference tracking had an
> >> unfortunate side-effect in at least one driver that calls put_page
> >> from its exit function, resulting in a link error:
> >>
> >> `.exit.text' referenced in section `__jump_table' of crypto/built-in.o:
> >> defined in discarded section `.exit.text' of crypto/built-in.o
> >>
> >> From a cursory look at that this driver, it seems that it may be
> >> doing the wrong thing here anyway, as the page gets allocated
> >> using 'alloc_page()', and should be freed using '__free_page()'
> >> rather than 'put_page()'.
> >>
> >> With this patch, I no longer get any other build errors from the
> >> page_ref patch, so hopefully we can assume that it's always wrong
> >> to call any of those functions from __exit code, and that no other
> >> driver does it.
> >>
> >> Fixes: 0f80830dd044 ("mm/page_ref: add tracepoint to track down page
> >> reference manipulation")
> >> Signed-off-by: Arnd Bergmann
> >
> > Acked-by: Dan Williams
> >
> > Vinod, will you take this one?
>
> Problematic patch ("mm/page_ref: ~~~") is not yet merged one. It is on mmotm
> and this fix should go together with it or before it. I think that
> handling this fix by Andrew is easier to all.

Okay fine by me.

--
~Vinod
[PATCH V2] crypto: implement DH primitives under akcipher API
Implement Diffie-Hellman primitives required by the scheme under the akcipher API. Here is how it works. 1) Call set_pub_key() by passing DH parameters (p,g) in PKCS3 format 2) Call set_priv_key() to set your own private key (xa) in raw format 3) Call decrypt() without passing any data as input to get back the public part which will be computed as g^xa mod p 4) Call encrypt() by passing the counter part public key (yb) in raw format as input to get back the shared secret calculated as zz = yb^xa mod p A test is included in the patch. Test vector has been generated with openssl Signed-off-by: Salvatore Benedetto--- Changes in V2: * Use dh_get_params where required * Use key lengths defined in RFC3526 * Set fips_allowed=1 for the test crypto/Kconfig| 8 ++ crypto/Makefile | 7 ++ crypto/dh.c | 264 ++ crypto/pkcs3.asn1 | 5 ++ crypto/tcrypt.c | 4 + crypto/testmgr.c | 141 +++-- crypto/testmgr.h | 208 +- 7 files changed, 628 insertions(+), 9 deletions(-) create mode 100644 crypto/dh.c create mode 100644 crypto/pkcs3.asn1 diff --git a/crypto/Kconfig b/crypto/Kconfig index f6bfdda..fd5b78d 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -101,6 +101,14 @@ config CRYPTO_RSA help Generic implementation of the RSA public key algorithm. +config CRYPTO_DH + tristate "Diffie-Hellman algorithm" + select CRYPTO_AKCIPHER + select MPILIB + select ASN1 + help + Generic implementation of the Diffie-Hellman algorithm. + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" select CRYPTO_MANAGER2 diff --git a/crypto/Makefile b/crypto/Makefile index 4f4ef7e..ee73489 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
@@ -31,6 +31,13 @@ obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o +$(obj)/pkcs3-asn1.o: $(obj)/pkcs3-asn1.c $(obj)/pkcs3-asn1.h +clean-files += pkcs3-asn1.c pkcs3-asn1.h + +dh_generic-y := pkcs3-asn1.o +dh_generic-y += dh.o +obj-$(CONFIG_CRYPTO_DH) += dh_generic.o + $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h clean-files += rsapubkey-asn1.c rsapubkey-asn1.h diff --git a/crypto/dh.c b/crypto/dh.c new file mode 100644 index 000..29243ee --- /dev/null +++ b/crypto/dh.c 
@@ -0,0 +1,264 @@ +/* Diffie-Hellman Key Agreement Method [RFC2631] + * + * Copyright (c) 2016, Intel Corporation + * Authors: Salvatore Benedetto + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include +#include +#include +#include +#include +#include "pkcs3-asn1.h" + +struct dh_params { + MPI p; + MPI g; + MPI xa; +}; + +int dh_get_g(void *context, size_t hdrlen, unsigned char tag, const void *value, +size_t vlen) +{ + struct dh_params *params = context; + + params->g = mpi_read_raw_data(value, vlen); + + if (!params->g) + return -ENOMEM; + + return 0; +} + +int dh_get_p(void *context, size_t hdrlen, unsigned char tag, const void *value, +size_t vlen) +{ + struct dh_params *params = context; + + params->p = mpi_read_raw_data(value, vlen); + + if (!params->p) + return -ENOMEM; + + return 0; +} + +static int dh_parse_params(struct dh_params *params, const void *key, + unsigned int keylen) +{ + int ret; + + mpi_free(params->p); + mpi_free(params->g); + + ret = asn1_ber_decoder(_decoder, params, key, keylen); + + return ret; +} + +static void dh_free_params(struct dh_params *params) +{ + mpi_free(params->p); + mpi_free(params->g); + mpi_free(params->xa); + params->p = NULL; + params->g = NULL; + params->xa = NULL; +} + +/* + * Public key generation function [RFC2631 sec 2.1.1] + * ya = g^xa mod p; + */ +static int _generate_public_key(const struct dh_params *params, MPI ya) +{ + /* ya = g^xa mod p */ + return mpi_powm(ya, params->g, params->xa, params->p); +} + +/* + * ZZ generation function [RFC2631 sec 2.1.1] + * ZZ = yb^xa mod p; + */ +static int _compute_shared_secret(const struct dh_params *params, MPI yb, + MPI zz) +{ + /* ZZ = yb^xa mod p */ + return mpi_powm(zz, yb, params->xa, params->p); +} + +static inline struct dh_params 
*dh_get_params(struct crypto_akcipher *tfm) +{ + return akcipher_tfm_ctx(tfm); +} + +static int dh_generate_public_key(struct akcipher_request *req) +{ + struct
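Review bot: In dh_parse_params(), params->p and params->g are released with mpi_free() but not set to NULL before the ASN.1 decode runs, so if decoding fails before dh_get_p() or dh_get_g() stores a new value the context keeps a stale pointer and dh_free_params() frees it a second time; clear both pointers right after freeing them. Separately, _compute_shared_secret() passes yb straight to mpi_powm(): unless the caller, which is cut off here, already checks it, reject a yb outside 2..p-2 so that a peer cannot force a trivial ZZ.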
Re: [PATCH 3/4] crypto: ccp - CCP versioning support
On 03/01/2016 01:49 PM, Gary R Hook wrote:
> Future hardware may introduce new algorithms wherein the
> driver will need to manage resources for different versions
> of the cryptographic coprocessor. This precursor patch
> determines the version of the available device, and marks
> and registers algorithms accordingly. A structure is added
> which manages the version-specific data.
>
> Signed-off-by: Gary R Hook

Acked-by: Tom Lendacky

> ---
> drivers/crypto/ccp/ccp-crypto-aes.c | 12 ++-
> drivers/crypto/ccp/ccp-crypto-sha.c | 9 +++-
> drivers/crypto/ccp/ccp-dev.c | 27
> drivers/crypto/ccp/ccp-dev.h | 8 +++
> drivers/crypto/ccp/ccp-pci.c | 8 ++-
> drivers/crypto/ccp/ccp-platform.c | 39 +--
> include/linux/ccp.h | 17 +++
> 7 files changed, 115 insertions(+), 5 deletions(-)
Re: [PATCH 1/4] crypto: ccp - Remove check for x86 family and model
On 03/01/2016 01:48 PM, Gary R Hook wrote:
> Each x86 SoC will make use of a unique PCI ID for the CCP
> device so it is not necessary to check for the CPU family
> and model.
>
> Signed-off-by: Gary R Hook

Acked-by: Tom Lendacky

> ---
> drivers/crypto/ccp/ccp-dev.c | 47 ++
> 1 file changed, 11 insertions(+), 36 deletions(-)
Re: [PATCH 1/4] scatterlist: Introduce some helper functions
Baolin Wangwrites: > @@ -212,6 +212,37 @@ static inline void sg_unmark_end(struct scatterlist *sg) > } > > /** > + * sg_is_contiguous - Check if the scatterlists are contiguous > + * @sga: SG entry > + * @sgb: SG entry > + * > + * Description: > + * If the sga scatterlist is contiguous with the sgb scatterlist, > + * that means they can be merged together. > + * > + **/ > +static inline bool sg_is_contiguous(struct scatterlist *sga, > + struct scatterlist *sgb) > +{ > + return ((sga->page_link & ~0x3UL) + sga->offset + sga->length == > + (sgb->page_link & ~0x3UL)); > +} I don't understand that one. sga->page_link is a pointer to a "struct page *". How can it be added to an offset within a page ??? 
> @@ -370,6 +370,65 @@ int sg_alloc_table(struct sg_table *table, unsigned int > nents, gfp_t gfp_mask) ... > /** > + * sg_add_sg_to_table - Add one scatterlist into sg table > + * @sgt: The sg table header to use > + * @src: The sg need to be added into sg table > + * > + * Description: > + * The 'nents' member indicates how many scatterlists added in the sg > table. > + * Copy the @src@ scatterlist into sg table and increase 'nents' member. > + * > + **/ > +int sg_add_sg_to_table(struct sg_table *sgt, struct scatterlist *src) > +{ > + unsigned int i = 0, orig_nents = sgt->orig_nents; > + struct scatterlist *sgl = sgt->sgl; > + struct scatterlist *sg; > + > + /* Check if there are enough space for the new sg to be added */ > + if (sgt->nents >= sgt->orig_nents) > + return -EINVAL; I must admit I don't understand that one either : how do comparing the number of "mapped" entries against the number of "allocated" entries determines if there is enough room ? > +/** > + * sg_alloc_empty_table - Allocate one empty sg table > + * @sgt: The sg table header to use > + * @nents: Number of entries in sg list > + * @gfp_mask:GFP allocation mask > + * > + * Description: > + *Allocate and initialize an sg table. The 'nents' member of sg_table > + *indicates how many scatterlists added in the sg table. It should set > + *0 which means there are no scatterlists added in this sg table now. > + * > + **/ > +int sg_alloc_empty_table(struct sg_table *sgt, unsigned int nents, > + gfp_t gfp_mask) As for this one, there has to be a purpose for it I fail to see. From far away it looks exactly like sg_alloc_table(), excepting it "works around" the nents > 0 protection of __sg_alloc_table(). What is exactly the need for this one, and if it's usefull why not simply changing the __sg_alloc_table() "nents > 0" test and see what the outcome of the review will be ? Cheers. 
-- Robert