Hi Stephan, On 12/21/2015 01:27 PM, Stephan Mueller wrote: >> @@ -192,7 +194,30 @@ static int alg_setkey(struct sock *sk, char __user >> > *ukey, if (copy_from_user(key, ukey, keylen)) >> > goto out; >> > >> > - err = setkey(ask->private, key, keylen); >> > + if (key_id) { > Wouldn't it make sense to rather have a complete separate function for setting > the key based on the ID? I.e. we have one function for setting the key based > on a user-given buffer. A second function handles your additional code. As > both are unrelated, I would not suggest to clutter one function with the logic > of the other. Either way is fine with me. I just didn't want to have too many indentation levels in the alg_setsockopt function. > >> - err = alg_setkey(sk, optval, optlen, type->setkey); >> > + /* ALG_SET_KEY_ID is only for akcipher */ >> > + if (!strcmp(type->name, "akcipher") && key_id) > Why do you want to limit it to akcipher? I would think it can apply to all > types of keys. You mention that you want to restrict it to akcipher, but where > do you see the limitation for HMAC / skcipher? > I pass key_type_asymmetric to request_key(), which only works with asymmetric. To enable symmetric we would need to have a new key type, which would handle both. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html