On Sat, 22 Jun 2019 at 07:06, Herbert Xu <herb...@gondor.apana.org.au> wrote:
>
> On Sat, Jun 22, 2019 at 02:30:43AM +0200, Ard Biesheuvel wrote:
> > The recently added helper routines to perform key strength validation
> > of 3ede_keys is slightly inadequate, since it doesn't check the key
> > length, and it comes in two versions, neither of which are highly
>
> The skcipher helper doesn't need to check the key length because
> it's the responsibility of the crypto API to check the key length
> through min_keysize/max_keysize.
>
> But yes if you're going to do a helper for lib/des then you'd need
> to check the key length but please keep it separate from the skcipher
> helper.
>

Ah yes, I had missed the fact that skcipher checks the lengths
already. But actually, that applies equally to ablkcipher and cipher,
so only aead instantiations need to perform the length check
explicitly.

I will drop the key_len arg from these helper routines, but I'd still
like to convert the skcipher helper into a generic helper that takes a
struct crypto_tfm*.

I'll also add some better documentation of the API in the next rev.

Reply via email to