On Mon, Dec 13, 2010 at 12:24:34PM -0500, Miloslav Trmac wrote:
> ----- "Neil Horman" <nhor...@tuxdriver.com> wrote:
> > +static int rng_recvmsg(struct kiocb *unused, struct socket *sock,
> > +                   struct msghdr *msg, size_t len, int flags)
> > +{
> > +   struct sock *sk = sock->sk;
> > +   struct alg_sock *ask = alg_sk(sk);
> > +   struct rng_ctx *ctx = ask->private;
> > +   int rc, i;
> > +   u8 *data = kzalloc(len, GFP_KERNEL);
> There probably should be an upper limit on the allocation - perhaps just 
> always allocate a single page.
> 
I'd rather allocate the explicit amount needed, just to avoid added memory
pressure allocating memory that we won't use, but yes, I can definately add an
upper limit to how much data can be requested in a single call.

> > +static void rng_release(void *private)
> > +{
> > +   struct rng_ctx *ctx = private;
> > +   crypto_free_rng(ctx->ctx);
> > +   kfree(ctx->seed);
> Is a seed secret enough that it should be zeroed before freeing?  (Same in 
> setkey, accept_parent).
> 
I don't think that nececcecary, strictly speaking, but it couldn't hurt.
Actually looking at it, I don't really need to duplicate the seed at all in
accept_parent.  I can probaby shrink that down considerably. 

Thanks for the notes Mirek, I'll post an updated version shortly.
Neil

>      Mirek
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to