Hi Stephan, I was out of office, sorry for the delay. > Am Mittwoch, 6. April 2016, 16:37:05 schrieb Tudor Ambarus: > > > +int rsa_check_key_length(unsigned int len) > > +{ > > + switch (len) { > > + case 512: > > + case 1024: > > + case 1536: > > + case 2048: > > + case 3072: > > + case 4096: > > + return 0; > > + } > > + > > + return -EINVAL; > > +} > > +EXPORT_SYMBOL_GPL(rsa_check_key_length); > > I assume we can remove that length check in the future and you just ported > it > to be en-par with the feature set of the current implementation? Yes, this is how we agreed. Removing this limitation is a fix for the current implementation and should be treated in an explicit patch. It's not in the scope of this patch set, we will do it later. > > +void raw_rsa_free_coherent_key(struct device *dev, struct rsa_raw_key > *key) > > +{ > > + if (key->d) { > > + memset(key->d, '\0', key->n_sz); > > memzero_explicit, please I don't think this is really needed. memzero_explicit is used only on stack variables that get cleared just before they go out of scope. > > > + dma_free_coherent(dev, key->n_sz, key->d, key->dma_d); > > + key->d = NULL; > > + } > > + > > + if (key->e) { > > + dma_free_coherent(dev, key->n_sz, key->e, key->dma_e); > > + key->e = NULL; > > + } > > + > > + if (key->n) { > > + dma_free_coherent(dev, key->n_sz, key->n, key->dma_n); > > + key->n = NULL; > > + } > > + > > + key->n_sz = 0; > > + key->e_sz = 0; > > +} > > +EXPORT_SYMBOL_GPL(raw_rsa_free_coherent_key); > > + > > +int raw_rsa_get_n(void *context, const void *value, size_t vlen) > > +{ > > + struct rsa_raw_ctx *ctx = context; > > + struct rsa_raw_key *key = &ctx->key; > > + const char *ptr = value; > > + int ret = -EINVAL; > > + > > + while (!*ptr && vlen) { > > + ptr++; > > + vlen--; > > + } > > + > > + key->n_sz = vlen; > > + /* In FIPS mode only allow key size 2K & 3K */ > > Again, this only excludes 4k as this should be done in a subsequent patch, > right? Yes, this will be addressed in an explicit patch. It's an update that is not in the scope of this patch set. Stephan, thank you for the review! ta -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html