On Mon, Dec 13, 2010 at 04:25:14PM -0500, Neil Horman wrote:
> Change notes:
> Changed rng_rcvmsg to allocate a fixed size maximum temp block to store rng data
> when recvmsg is called. This should prevent malicious DoS from user space by
> trying to receive obscene amounts of random data in one call. Instead now we
> loop using the same block of data and copy it incrementally to the user space
> buffer using memcpy_toiovecend
>
> Also changed the accept routine to only allocate a new rng, and not store the
> seed value separately, simplifying the code somewhat. Also now we memset the
> parent socket's seed value to zero on free to hide the seed from intruders.
>
> Summary:
> This patch enhances the AF_ALG protocol family to include support for random
> number generator algorithms. With this enhancement, users of the AF_ALG protocol
> can now bind sockets to instances of the various RNG algorithms available to the
> kernel. For those RNGs that support it, instances can be reseeded using the
> SETKEY socket option within the AF_ALG socket family. Like with hashes and
> ciphers, only the initially created socket allows seeding, and only child sockets
> returned via accept may return random data. Sending data on RNG instances is
> prohibited, only receiving RNG data is possible.
>
> Tested successfully using NIST provided RNG vectors by myself:
> Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
> CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> CC: "David S. Miller" <davem@xxxxxxxxxxxxx>

Herbert,
Sorry to bug you about this, but are you still planning on pulling this
now that Linus has the infrastructure scheduled for 2.6.38?

Neil
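
The bounded-buffer receive loop described in the change notes, as an added user-space sketch that is not code from the patch. The names RNG_BLOCK_MAX, toy_rng, toy_fill and rng_read_bounded are hypothetical, the 128-byte cap is an assumed value, the generator is a constructed stand-in, and a stack block with memcpy stands in for the kernel allocation and memcpy_toiovecend.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RNG_BLOCK_MAX 128 /* assumed cap; the patch's value is not on the page */

/* Constructed stand-in generator: counting bytes, fails once budget runs out. */
struct toy_rng { uint8_t ctr; size_t budget; };

static size_t peak_chunk; /* largest single request made to the generator */

static int toy_fill(struct toy_rng *r, uint8_t *out, size_t n)
{
    if (n > r->budget)
        return -1;
    r->budget -= n;
    for (size_t i = 0; i < n; i++)
        out[i] = r->ctr++;
    return 0;
}

/* Serve a request of any length through one fixed-size scratch block.
 * Returns the bytes delivered, which is short if the generator fails. */
static size_t rng_read_bounded(struct toy_rng *r, uint8_t *dst, size_t len)
{
    uint8_t block[RNG_BLOCK_MAX]; /* memory use is independent of len */
    size_t done = 0;

    while (done < len) {
        size_t chunk = len - done;
        if (chunk > RNG_BLOCK_MAX)
            chunk = RNG_BLOCK_MAX;
        if (chunk > peak_chunk)
            peak_chunk = chunk;
        if (toy_fill(r, block, chunk) != 0)
            break;
        memcpy(dst + done, block, chunk); /* stands in for memcpy_toiovecend */
        done += chunk;
    }
    return done;
}

int main(void)
{
    static uint8_t out[4096];
    struct toy_rng r = { 0, sizeof(out) };
    size_t n = rng_read_bounded(&r, out, sizeof(out));
    printf("delivered %zu bytes, largest chunk %zu\n", n, peak_chunk);
    return n == sizeof(out) ? 0 : 1;
}
```

However large the caller's request, the generator is never asked for more than RNG_BLOCK_MAX bytes at once, and a mid-request failure yields a short count rather than a partly uninitialised buffer being reported as full.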