Am Freitag, 18. März 2016, 20:32:05 schrieb Tudor Ambarus: Hi Tudor, > This patch adds the function scatterwalk_sg_copychunks which writes > a chunk of data from a scatterwalk to another scatterwalk. > It will be used by caam driver to remove the leading zeros of RSA's > algorithm output. The following is unrelated to the patch, but regarding your statement: I lately read that leading zeros are skipped for RSA. Why is that implemented this way? The driver of my question is side channels. Don't we open ourselves up to side channel attacks when forgetting about zeros? Heck, by simply processing zeros in a modular exponentiation (of a private key), we have side channels, because processing of zeros is faster than ones. I am starting to wonder whether this magic with the leading zeros is going to hurt us? Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html