Hi Stephan,

I was out of office, sorry for the delay.

> On Wednesday, 6 April 2016, 16:37:05, Tudor Ambarus wrote:
> 
> > +int rsa_check_key_length(unsigned int len)
> > +{
> > +   switch (len) {
> > +   case 512:
> > +   case 1024:
> > +   case 1536:
> > +   case 2048:
> > +   case 3072:
> > +   case 4096:
> > +           return 0;
> > +   }
> > +
> > +   return -EINVAL;
> > +}
> > +EXPORT_SYMBOL_GPL(rsa_check_key_length);
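
Review bot: rsa_check_key_length() is exported, but nothing in it says what unit len is in. The case labels (512 through 4096) read as bit lengths, while raw_rsa_get_n() further down stores vlen, a byte count, in key->n_sz, so a caller passing n_sz straight in would be validated on the wrong scale. Please add a kernel-doc comment stating that len is in bits, or do the conversion inside the helper. If the 512 and 1024 cases are kept only for parity with the existing code, a short comment saying so would help whoever writes the follow-up patch.
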
> 
> I assume we can remove that length check in the future and you just ported it
> to be on par with the feature set of the current implementation?

Yes, this is how we agreed. Removing this limitation is a fix for the current 
implementation and should be treated in an explicit patch. It's not in the 
scope of this patch set, we will do it later.

> > +void raw_rsa_free_coherent_key(struct device *dev, struct rsa_raw_key
> *key)
> > +{
> > +   if (key->d) {
> > +           memset(key->d, '\0', key->n_sz);
> 
> memzero_explicit, please

I don't think this is really needed. memzero_explicit is used only on stack 
variables that get cleared just before they go out of scope.

> 
> > +           dma_free_coherent(dev, key->n_sz, key->d, key->dma_d);
> > +           key->d = NULL;
> > +   }
> > +
> > +   if (key->e) {
> > +           dma_free_coherent(dev, key->n_sz, key->e, key->dma_e);
> > +           key->e = NULL;
> > +   }
> > +
> > +   if (key->n) {
> > +           dma_free_coherent(dev, key->n_sz, key->n, key->dma_n);
> > +           key->n = NULL;
> > +   }
> > +
> > +   key->n_sz = 0;
> > +   key->e_sz = 0;
> > +}
> > +EXPORT_SYMBOL_GPL(raw_rsa_free_coherent_key);
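
Review bot: key->e is freed with key->n_sz although the structure carries a separate e_sz, which this function resets at the end. dma_free_coherent() has to be given the size that was used at allocation, so either confirm that all three buffers are allocated with n_sz and say so in a comment, or free e with its own size. Also, only n_sz and e_sz are cleared on exit; the dma_d, dma_e and dma_n handles keep their stale values after the buffers are gone, and zeroing them alongside the pointers would make reuse of the structure safer.
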
> > +
> > +int raw_rsa_get_n(void *context, const void *value, size_t vlen)
> > +{
> > +   struct rsa_raw_ctx *ctx = context;
> > +   struct rsa_raw_key *key = &ctx->key;
> > +   const char *ptr = value;
> > +   int ret = -EINVAL;
> > +
> > +   while (!*ptr && vlen) {
> > +           ptr++;
> > +           vlen--;
> > +   }
> > +
> > +   key->n_sz = vlen;
> > +   /* In FIPS mode only allow key size 2K & 3K */
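
Review bot: in the loop that strips leading zero bytes, the condition "while (!*ptr && vlen)" dereferences ptr before testing vlen, so with vlen == 0, or with a value made up entirely of zero bytes, it reads one byte past the end of the buffer. Test the length first: "while (vlen && !*ptr)". key->n_sz is also assigned before any validation in the visible lines; consider setting it only after the length has been accepted, so a rejected key does not leave a size behind in the context.
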
> 
> Again, this only excludes 4k as this should be done in a subsequent patch,
> right?

Yes, this will be addressed in an explicit patch. It's an update that is not in 
the scope of this patch set.

Stephan, thank you for the review!

ta