Re: [PATCH 2/3] crypto: ccp - return an actual key size from RSA max_size callback

From: Gary R Hook
Date: Fri Mar 02 2018 - 19:16:28 EST


On 03/02/2018 05:58 PM, Maciej S. Szmigiero wrote:
On 03.03.2018 00:49, Hook, Gary wrote:
On 3/2/2018 5:15 PM, Maciej S. Szmigiero wrote:

Thanks.

However, what about the first patch from this series?
Without it, while it no longer should cause a buffer overflow, in-kernel
X.509 certificate verification will still fail with CCP driver loaded
(since CCP RSA implementation has a higher priority than the software
RSA implementation).

Maciej



I commented on that one here:
https://marc.info/?l=linux-crypto-vger&m=151986452422791&w=2

Effectively a NACK. We are a reviewing a proposed patch right now.

Your earlier comment referred to the third patch from this series.
My message above was about the first one.

Apologies; my mistake.