On Sun, Feb 02, 2025 at 08:00:53PM +0100, Lukas Wunner wrote:
> KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as
> max_enc_size and max_dec_size, even though such keys cannot be used for
> encryption/decryption. They're exclusively for signature generation or
> verification.
>
> Only rsa keys with pkcs1 encoding can also be used for encryption or
> decryption.
>
> Return 0 instead for ecdsa keys (as well as ecrdsa keys).
>
> Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx>
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> ---
>  crypto/asymmetric_keys/public_key.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)

I think we should discuss who is using these user-space APIs
before doing any more work on them. The in-kernel asymmetric
crypto code is not safe against side-channel attacks. As there
are no in-kernel users of private-key functionality, we should
consider getting rid of private key support completely. As it
stands the only user is this user-space API.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt