On Mon, Dec 13, 2010 at 04:25:14PM -0500, Neil Horman wrote:
> Change notes:
> Changed rng_rcvmsg to allocate a fixed size maximum temp block to store rng
> data when recvmsg is called.  This should prevent malicious DoS from user
> space by trying to receive obscene amounts of random data in one call.
> Instead now we loop using the same block of data and copy it incrementally
> to the user space buffer using memcpy_toiovecend.
> 
> Also changed the accept routine to only allocate a new rng, and not store the
> seed value separately, simplifying the code somewhat.  Also now we memset the
> parent socket's seed value to zero on free to hide the seed from intruders.
> 
> Summary:
> This patch enhances the AF_ALG protocol family to include support for random
> number generator algorithms.  With this enhancement, users of the AF_ALG
> protocol can now bind sockets to instances of the various RNG algorithms
> available to the kernel.  For those RNGs that support it, instances can be
> reseeded using the SETKEY socket option within the AF_ALG socket family.
> Like with hashes and ciphers, only the initially created socket allows
> seeding, and only child sockets returned via accept may return random data.
> Sending data on RNG instances is prohibited; only receiving RNG data is
> possible.
> 
> Tested successfully using NIST provided RNG vectors by myself:
> Signed-off-by: Neil Horman <nhor...@tuxdriver.com>
> CC: Herbert Xu <herb...@gondor.apana.org.au>
> CC: "David S. Miller" <da...@davemloft.net>
Herbert, Sorry to bug you about this, but are you still planning on pulling this
now that Linus has the infrastructure scheduled for 2.6.38?

Neil
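
The bounded receive loop described in the change notes, sketched in user space as an added example (not code from the patch): a fixed-size temp block is refilled and copied piecewise into the caller's iovec, so memory use does not grow with the requested length. `RNG_TMP_MAX`, `demo_rng_fill`, `copy_to_iov_at` and `rng_recv_bounded` are hypothetical names, and the counter-based generator is a stand-in so the output can be checked.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

#define RNG_TMP_MAX 64  /* assumed cap; the patch's actual size is not shown here */

/* Hypothetical stand-in for the kernel RNG: a byte counter, so output is checkable. */
static unsigned char demo_ctr;
static void demo_rng_fill(unsigned char *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = demo_ctr++;
}

/* Copy n bytes from src into the iovec array starting at byte offset off
 * (user-space analogue of the role memcpy_toiovecend plays in the kernel). */
static void copy_to_iov_at(const struct iovec *iov, int iovcnt,
                           const unsigned char *src, size_t off, size_t n)
{
    for (int i = 0; i < iovcnt && n > 0; i++) {
        if (off >= iov[i].iov_len) {          /* segment already filled: skip it */
            off -= iov[i].iov_len;
            continue;
        }
        size_t room = iov[i].iov_len - off;
        size_t take = n < room ? n : room;
        memcpy((unsigned char *)iov[i].iov_base + off, src, take);
        src += take;
        n -= take;
        off = 0;                              /* later segments start at their base */
    }
}

/* Serve `want` bytes through one fixed temp block; returns bytes delivered. */
size_t rng_recv_bounded(const struct iovec *iov, int iovcnt, size_t want)
{
    unsigned char tmp[RNG_TMP_MAX];           /* size is independent of `want` */
    size_t cap = 0, done = 0;

    for (int i = 0; i < iovcnt; i++)
        cap += iov[i].iov_len;
    if (want > cap)                           /* never write past the caller's buffers */
        want = cap;

    while (done < want) {
        size_t left = want - done;
        size_t chunk = left < sizeof(tmp) ? left : sizeof(tmp);
        demo_rng_fill(tmp, chunk);
        copy_to_iov_at(iov, iovcnt, tmp, done, chunk);
        done += chunk;
    }
    return done;
}
```
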
