Re: [PATCH v4 4/5] crypto: AF_ALG: add random number generator support
From: Stephan Mueller <hidden>
Date: 2014-12-05 22:03:06
Also in:
linux-crypto, lkml
Am Freitag, 5. Dezember 2014, 23:53:59 schrieb Herbert Xu: Hi Herbert,
On Wed, Dec 03, 2014 at 08:59:01PM +0100, Stephan Mueller wrote:quoted
+static int rng_recvmsg(struct kiocb *unused, struct socket *sock, + struct msghdr *msg, size_t len, int flags) +{ + struct sock *sk = sock->sk; + struct alg_sock *ask = alg_sk(sk); + struct rng_ctx *ctx = ask->private; + int err = -EFAULT; + + if (len == 0) + return 0; + if (len > MAXSIZE) + len = MAXSIZE; + + lock_sock(sk);This lock simply protects ctx->result. Since you're using a tiny buffer why not just put it on the stack?
When I developed the DRBG code, I got comments that 128 byte variables shall not be on the stack in kernel code. But if you agree that I can put a 128 byte variable on the stack, I will see it done.
quoted
+ u8 *buf = kmalloc(seedsize, GFP_KERNEL); + if (!buf) + goto err; + get_random_bytes(buf, seedsize); + ret = crypto_rng_reset(private, buf, len);I think you should leave the seeding and the seed to the user. Perhaps do it through setsockopt (on the parent socket).
Sure. But please note that the seeding happens only when seedsize > 0. Such seeding therefore is not performed for krng, and the DRBG because both seed automatically. Therefore, may I propose the following: We offer a setsockopt for (re)seeding. For all RNGs with seedsize > 0, we return EAGAIN for recvmsg until a setsockopt for at least seedsize is provided. That would imply that krng and DRBG would be usable without seeding from user space. -- Ciao Stephan