On Tue, Mar 01, 2016 at 12:17:15PM +0100, Stephan Mueller wrote: Hi Stephan, > Am Dienstag, 1. März 2016, 11:08:34 schrieb Salvatore Benedetto: > > Hi Salvatore, > > > > > +static int dh_check_params_length(unsigned int p_len) > > > > +{ > > > > + switch (p_len) { > > > > + case 768: > > > > + case 1024: > > > > + case 1536: > > > > + case 2048: > > > > + case 3072: > > > > + case 4096: > > > > + return 0; > > > > + } > > > > + return -EINVAL; > > > > +} > > > > > > What is the reason for restricting the size to 4096? > > > > Honestly no reason. > > Could not find restrictions in the spec about the params length. > > I am just wondering because other DH impls allow longer sizes. > > And besides, I would like to disallow all < 2048 right from the start. > Hmm.. What range would you suggest? I just thought that having the same range we support with RSA would be OK for now. > > > > + > > > > +static int dh_no_op(struct akcipher_request *req) > > > > +{ > > > > + return -ENOPROTOOPT; > > > > +} > > > > + > > > > +static int dh_set_priv_key(struct crypto_akcipher *tfm, const void > > > > *key, > > > > + unsigned int keylen) > > > > +{ > > > > + struct dh_params *params = akcipher_tfm_ctx(tfm); > > > > > > dh_get_params? > > > > You mean adding a helper function? OK. > > Not adding, but using your helper function -- why do you have it there in the > first place? :-) > True. I actually use it in dh_generate_public_key and dh_compute_shared_secret. I'll fix that, thanks. Regards, Salvatore -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html