RE: [PATCH v3 2/3] crypto: rsa_helper - add raw integer parser actions

Hi Stephan,

I was out of office, sorry for the delay.

> On Wednesday, 6 April 2016, 16:37:05, Tudor Ambarus wrote:
> 
> > +int rsa_check_key_length(unsigned int len)
> > +{
> > +	switch (len) {
> > +	case 512:
> > +	case 1024:
> > +	case 1536:
> > +	case 2048:
> > +	case 3072:
> > +	case 4096:
> > +		return 0;
> > +	}
> > +
> > +	return -EINVAL;
> > +}
> > +EXPORT_SYMBOL_GPL(rsa_check_key_length);
> 
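
Review bot: rsa_check_key_length() does not document the unit of len. The accepted values (512 to 4096) read as bit lengths, while raw_rsa_get_n() further down stores the modulus length as a byte count in key->n_sz, so a caller passing n_sz unconverted would be checked against the wrong scale. A short comment above the function stating that len is the modulus size in bits, and that callers convert from bytes, would close that gap.
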
> I assume we can remove that length check in the future and you just ported it
> to be on par with the feature set of the current implementation?

Yes, this is how we agreed. Removing this limitation is a fix for the current implementation and should be treated in an explicit patch. It's not in the scope of this patch set, we will do it later.

> > +void raw_rsa_free_coherent_key(struct device *dev, struct rsa_raw_key
> *key)
> > +{
> > +	if (key->d) {
> > +		memset(key->d, '\0', key->n_sz);
> 
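
Review bot: the memset() on key->d is the only wipe of the private exponent before the buffer is handed to dma_free_coherent(), and its length is key->n_sz rather than a size recorded for d itself. Please note in a comment that d is always allocated with n_sz bytes, and consider memzero_explicit(key->d, key->n_sz) so the clear stays in place regardless of how the free path is inlined.
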
> memzero_explicit, please

I don't think this is really needed. memzero_explicit is used only on stack variables that get cleared just before they go out of scope.

> 
> > +		dma_free_coherent(dev, key->n_sz, key->d, key->dma_d);
> > +		key->d = NULL;
> > +	}
> > +
> > +	if (key->e) {
> > +		dma_free_coherent(dev, key->n_sz, key->e, key->dma_e);
> > +		key->e = NULL;
> > +	}
> > +
> > +	if (key->n) {
> > +		dma_free_coherent(dev, key->n_sz, key->n, key->dma_n);
> > +		key->n = NULL;
> > +	}
> > +
> > +	key->n_sz = 0;
> > +	key->e_sz = 0;
> > +}
> > +EXPORT_SYMBOL_GPL(raw_rsa_free_coherent_key);
> > +
> > +int raw_rsa_get_n(void *context, const void *value, size_t vlen)
> > +{
> > +	struct rsa_raw_ctx *ctx = context;
> > +	struct rsa_raw_key *key = &ctx->key;
> > +	const char *ptr = value;
> > +	int ret = -EINVAL;
> > +
> > +	while (!*ptr && vlen) {
> > +		ptr++;
> > +		vlen--;
> > +	}
> > +
> > +	key->n_sz = vlen;
> > +	/* In FIPS mode only allow key size 2K & 3K */
> 
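
Review bot: in raw_rsa_get_n() the loop condition "while (!*ptr && vlen)" reads *ptr before testing vlen, so for a zero-length or all-zero value it dereferences one byte past the end of the buffer. Test the length first, "while (vlen && !*ptr)". After the loop vlen can be 0 and is stored in key->n_sz before any check visible here, so an empty modulus should be rejected explicitly. Separately, raw_rsa_free_coherent_key() frees key->e with key->n_sz although the struct carries an e_sz field; please confirm e is allocated with n_sz bytes, since dma_free_coherent() must be given the size used at allocation.
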
> Again, this only excludes 4k as this should be done in a subsequent patch,
> right?

Yes, this will be addressed in an explicit patch. It's an update that is not in the scope of this patch set.

Stephan, thank you for the review!

ta