Re: [PATCH 5/8] KEYS: Provide software public key query function [ver #2]

Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx> wrote:
>
>> +     if (strcmp(encoding, "pkcs1") == 0) {
>> +             /* The data wangled by the RSA algorithm is typically padded
>> +              * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
>> +              * sec 8.2].
>> +              */
>> +             if (!hash_algo)
>> +                     n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
>> +                                  "pkcs1pad(%s)",
>> +                                  pkey->pkey_algo);
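Review bot: the snprintf() return value stored in n at the end of this hunk is not checked against CRYPTO_MAX_ALG_NAME in the visible lines; snprintf() reports the length the full string would have had, so a pkey_algo long enough to overflow the buffer would leave alg_name silently truncated and the lookup would proceed with a wrong name. Suggest failing with an error when n >= CRYPTO_MAX_ALG_NAME before alg_name is used. Minor: the comment's "wangled" reads as informal for "transformed"; the RFC reference would also be clearer as section 9.2 (EMSA-PKCS1-v1_5 encoding), with 8.2 being the signature scheme that uses it.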
> 
> Did you see Herbert's patch that strips out non-hash pkcs1pad capabilities 
> (and the ensuing discussion)?
> 
> http://www.spinics.net/lists/linux-crypto/index.html#20432
> 
> I'm making use of pkcs1pad(rsa) with a TLS implementation, so it's good to 
> see it supported here.

Indeed I'm nacking this patch because it's exporting a purely
software algorithm to user-space for no good reason.  AFAICS
there is nothing in the pkcs1pad code that cannot be done in
user-space, even assuming that your private key is secret and
only accessible from the kernel.

IOW exporting the raw RSA might make sense because the key may
not be visible to user-space, or that the RSA might be implemented
in hardware offload, but there is no sane reason to export pkcs1pad.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
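As an added illustration of the point made in the reply above (this is not code from the patch series or from the kernel's pkcs1pad template): the EMSA-PKCS1-v1_5 step is deterministic byte formatting of a message digest and touches no key material, so a user-space caller can build the encoded message itself and hand only the raw RSA exponentiation to whatever holds the private key. The Python below does both halves side by side so the split is visible. The RSA key is a constructed, undersized toy generated from a fixed seed, the Miller-Rabin helper and all function names are this example's own, and `pow(e, -1, phi)` needs Python 3.8 or later.

```python
import hashlib
import hmac
import random

# DER-encoded DigestInfo prefixes from RFC 3447 section 9.2 (note 1): the hash
# OID and parameters that precede the raw digest inside T.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v1_5_encode(hash_algo: str, msg: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 (RFC 3447 sec 9.2): EM = 0x00 || 0x01 || PS || 0x00 || T.

    Pure byte manipulation over the digest; no key is involved, which is the
    reason this step does not need to live in the kernel."""
    digest = hashlib.new(hash_algo, msg).digest()
    t = DIGEST_INFO_PREFIX[hash_algo] + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)  # guarantees at least 8 bytes of 0xff
    return b"\x00\x01" + ps + b"\x00" + t


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin test, good enough for a toy key (not a key generator)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if _is_probable_prime(cand, rng):
            return cand


def toy_rsa_keypair(bits: int = 512, seed: int = 20160101):
    """Deterministic, undersized RSA key (constructed for this demo only)."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:        # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def rsa_sign_pkcs1_v1_5(hash_algo: str, msg: bytes, n: int, d: int) -> bytes:
    """Encode in user space, then apply the raw private-key operation."""
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5_encode(hash_algo, msg, k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def rsa_verify_pkcs1_v1_5(hash_algo: str, msg: bytes, sig: bytes, n: int, e: int) -> bool:
    """Raw public-key operation, then compare against a freshly encoded EM."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v1_5_encode(hash_algo, msg, k)
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    n, e, d = toy_rsa_keypair()
    sig = rsa_sign_pkcs1_v1_5("sha256", b"hello", n, d)
    print("signature ok:", rsa_verify_pkcs1_v1_5("sha256", b"hello", sig, n, e))
    print("tampered ok:", rsa_verify_pkcs1_v1_5("sha256", b"hellp", sig, n, e))
```

Verification re-encodes the message and compares the whole EM rather than parsing the padding out of the decrypted block; RFC 3447 recommends that form because a lenient parser of the 0x00 0x01 0xff... 0x00 T structure is where verification bugs historically crept in. Nothing in either path depends on where the private exponent is stored, which is exactly why only the raw `pow(..., d, n)` step has a reason to sit behind a kernel key.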