[S390] Handling of 4096 bit RSA keys in CRT format.
authorFelix Beck <felix.beck@de.ibm.com>
Wed, 5 Jan 2011 11:47:48 +0000 (12:47 +0100)
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>
Wed, 5 Jan 2011 11:47:27 +0000 (12:47 +0100)
Also process 4096 bit RSA keys in CRT format. Handle them like the
smaller keys and take care of the zero padding.

Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/crypto/zcrypt_api.c

index 7fca9c10ffcfad9b0901e7ae53fcac9b06697d82..8e65447f76b7bb66874c51fbe1ef2538f35df042 100644 (file)
@@ -396,8 +396,15 @@ static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt)
                        if (copied == 0) {
                                unsigned int len;
                                spin_unlock_bh(&zcrypt_device_lock);
-                               /* len is max 256 / 2 - 120 = 8 */
-                               len = crt->inputdatalength / 2 - 120;
+                               /* len is max 256 / 2 - 120 = 8
+                                * For bigger device just assume len of leading
+                                * 0s is 8 as stated in the requirements for
+                                * ica_rsa_modexpo_crt struct in zcrypt.h.
+                                */
+                               if (crt->inputdatalength <= 256)
+                                       len = crt->inputdatalength / 2 - 120;
+                               else
+                                       len = 8;
                                if (len > sizeof(z1))
                                        return -EFAULT;
                                z1 = z2 = z3 = 0;
@@ -405,6 +412,7 @@ static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt)
                                    copy_from_user(&z2, crt->bp_key, len) ||
                                    copy_from_user(&z3, crt->u_mult_inv, len))
                                        return -EFAULT;
+                               z1 = z2 = z3 = 0;
                                copied = 1;
                                /*
                                 * We have to restart device lookup -