On Mon, Dec 13, 2010 at 12:24:34PM -0500, Miloslav Trmac wrote:
> ----- "Neil Horman" <nhorman@xxxxxxxxxxxxx> wrote:
> > +static int rng_recvmsg(struct kiocb *unused, struct socket *sock,
> > + struct msghdr *msg, size_t len, int flags)
> > +{
> > + struct sock *sk = sock->sk;
> > + struct alg_sock *ask = alg_sk(sk);
> > + struct rng_ctx *ctx = ask->private;
> > + int rc, i;
> > + u8 *data = kzalloc(len, GFP_KERNEL);
> There probably should be an upper limit on the allocation - perhaps just always allocate a single page.
>
I'd rather allocate the explicit amount needed, just to avoid added memory
pressure allocating memory that we won't use, but yes, I can definately add an
upper limit to how much data can be requested in a single call.
> > +static void rng_release(void *private)
> > +{
> > + struct rng_ctx *ctx = private;
> > + crypto_free_rng(ctx->ctx);
> > + kfree(ctx->seed);
> Is a seed secret enough that it should be zeroed before freeing? (Same in setkey, accept_parent).
>
I don't think that nececcecary, strictly speaking, but it couldn't hurt.
Actually looking at it, I don't really need to duplicate the seed at all in
accept_parent. I can probaby shrink that down considerably.
Thanks for the notes Mirek, I'll post an updated version shortly.
Neil
> Mirek
>
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
