On 10/01/2015 09:04 PM, Herbert Xu wrote: >> I do use src_len for processing. The sg_len() is still useful for >> > parameter checking to make sure that src_len <= sg_len(req->src) > I don't see the point. We don't check that anywhere else in the > crypto API. It's the caller's responsibility to provide valid input > parameters. > > Untrusted callers must be vetted at the point of entry, i.e., > algif. This is used not only in rsa, but also in the new mpi sgl helpers. Should I drop all the params checking? -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html