Hi Stephan,

> -----Original Message-----
> From: Stephan Mueller [mailto:smueller@xxxxxxxxxx]
> Sent: Friday, March 18, 2016 9:47 PM
> To: Tudor-Dan Ambarus
> Cc: herbert@xxxxxxxxxxxxxxxxxxx; tadeusz.struk@xxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx; Horia Ioan Geanta Neag
> Subject: Re: [PATCH 02/10] crypto: rsa_helper - add raw integer parser actions
>
> > +int rsa_check_key_length(unsigned int len)
> > +{
> > + switch (len) {
> > + case 512:
> > + case 1024:
> > + case 1536:
> > + case 2048:
> > + case 3072:
> > + case 4096:
> > + return 0;
> > + }
>
> I know that you copied the code to a new location that was there already.
> But based on the discussion we had for DH, does it make sense that the
> kernel adds such (artificial) limits?

[ta] This is not within the scope of this patch set, but we can remove the
restrictions in a subsequent patch. Marcel has suggested to not impose limits
on the minimum length of the key. What about the maximum?

> > +
> > + return -EINVAL;
> > +}
> > +EXPORT_SYMBOL_GPL(rsa_check_key_length);
> > +
> > +int raw_rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
> > + const void *value, size_t vlen)
> > +{
> > + struct rsa_raw_ctx *ctx = context;
> > + struct rsa_raw_key *key = &ctx->key;
> > + const char *ptr = value;
> > + int ret = -EINVAL;
> > +
> > + while (!*ptr && vlen) {
> > + ptr++;
> > + vlen--;
> > + }
> > +
> > + key->n_sz = vlen;
> > + /* In FIPS mode only allow key size 2K & 3K */
> > + if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
>
> Again, you copied that code that used to be there. But very very recently,
> NIST allowed 4k keys too. May I ask to allow it here?
>

I suggest to do this in a separate patch. Can you send us a pointer to the
NIST specification?

Thank you,
ta
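Review bot: rsa_check_key_length() is exported with EXPORT_SYMBOL_GPL, but nothing documents the unit of `len`. The case labels (512 through 4096) read as bit lengths, while raw_rsa_get_n() in the same patch keeps the modulus size in bytes (`key->n_sz != 256 && key->n_sz != 384` for "2K & 3K"). A caller that passes n_sz unconverted would have a byte count compared against bit lengths. Please add a kernel-doc comment stating the unit, or encode it in the parameter name.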
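Review bot: in raw_rsa_get_n(), the leading-zero loop `while (!*ptr && vlen)` dereferences `ptr` before testing `vlen`. When vlen is 0 on entry, or when every byte of the value is zero, the last evaluation of the condition reads one byte past the end of the buffer before the length check stops the loop. Swapping the operands to `while (vlen && !*ptr)` keeps the read inside the `vlen` bytes the parser handed in.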