On Sat, 22 Jun 2019 at 07:06, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Sat, Jun 22, 2019 at 02:30:43AM +0200, Ard Biesheuvel wrote: > > The recently added helper routines to perform key strength validation > > of 3ede_keys is slightly inadequate, since it doesn't check the key > > length, and it comes in two versions, neither of which are highly > > The skcipher helper doesn't need to check the key length because > it's the responsibility of the crypto API to check the key length > through min_keysize/max_keysize. > > But yes if you're going to do a helper for lib/des then you'd need > to check the key length but please keep it separate from the skcipher > helper. > Ah yes, I had missed the fact that skcipher checks the lengths already. But actually, that applies equally to ablkcipher and cipher, so only aead instantiations need to perform the length check explicitly. I will drop the key_len arg from these helper routines, but I'd still like to convert the skcipher helper into a generic helper that takes a struct crypto_tfm*. I'll also add some better documentation of the API in the next rev.
