From: Neil Horman
Subject: Re: [PATCH] Add RNG support to AF_ALG (v2)
Date: Thu, 20 Jan 2011 18:34:40 -0500
Message-ID: <20110120233440.GA2451@localhost.localdomain>
References: <1292260317-2684-1-git-send-email-nhorman@tuxdriver.com> <1292275514-2488-1-git-send-email-nhorman@tuxdriver.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Herbert Xu , "David S. Miller"
To: linux-crypto@vger.kernel.org
Return-path:
Received: from charlotte.tuxdriver.com ([70.61.120.58]:50754 "EHLO smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754115Ab1ATXew (ORCPT ); Thu, 20 Jan 2011 18:34:52 -0500
Content-Disposition: inline
In-Reply-To: <1292275514-2488-1-git-send-email-nhorman@tuxdriver.com>
Sender: linux-crypto-owner@vger.kernel.org
List-ID:

On Mon, Dec 13, 2010 at 04:25:14PM -0500, Neil Horman wrote:
> Change notes:
> Changed rng_rcvmsg to allocate a fixed size maximum temp block to store rng data
> when recvmsg is called. This should prevent malicious DoS from user space by
> trying to receive obscene amounts of random data in one call. Instead now we
> loop using the same block of data and copy it incrementally to the user space
> buffer using memcpy_toiovecend.
>
> Also changed the accept routine to only allocate a new rng, and not store the
> seed value separately, simplifying the code somewhat. Also now we memset the
> parent socket's seed value to zero on free to hide the seed from intruders.
>
> Summary:
> This patch enhances the AF_ALG protocol family to include support for random
> number generator algorithms. With this enhancement, users of the AF_ALG protocol
> can now bind sockets to instances of the various RNG algorithms available to the
> kernel. For those RNGs that support it, instances can be reseeded using the
> SETKEY socket option within the AF_ALG socket family. Like with hashes and
> ciphers, only the initially created socket allows seeding, and only child sockets
> returned via accept may return random data. Sending data on RNG instances is
> prohibited, only receiving RNG data is possible.
>
> Tested successfully using NIST provided RNG vectors by myself:
> Signed-off-by: Neil Horman
> CC: Herbert Xu
> CC: "David S. Miller"

Herbert,
Sorry to bug you about this, but are you still planning on pulling this
now that Linus has the infrastructure scheduled for 2.6.38?

Neil
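
The change note quoted above describes serving recvmsg from one fixed-size temporary block and copying it out incrementally with memcpy_toiovecend. The following user-space illustration of that pattern is an added example, not code from the patch: `RNG_BLOCK_MAX`, `fake_rng_fill`, `copy_to_iovec_at` and `rng_recv_bounded` are hypothetical names, and the 64-byte cap and the counter standing in for the RNG are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

#define RNG_BLOCK_MAX 64 /* assumed cap; the patch's real size is not on this page */
static unsigned char fake_ctr; /* hypothetical RNG stand-in: a byte counter */
static void fake_rng_fill(unsigned char *dst, size_t len)
{
    while (len--) *dst++ = fake_ctr++;
}

/* User-space analogue of memcpy_toiovecend(): copy len bytes of src into
 * the iovec array, starting offset bytes into the logical buffer. */
static void copy_to_iovec_at(const struct iovec *iov, int cnt, size_t offset,
                             const unsigned char *src, size_t len)
{
    for (int i = 0; i < cnt && len > 0; i++) {
        if (offset >= iov[i].iov_len) { /* segment already filled */
            offset -= iov[i].iov_len;
            continue;
        }
        size_t n = iov[i].iov_len - offset;
        if (n > len) n = len;
        memcpy((unsigned char *)iov[i].iov_base + offset, src, n);
        src += n; len -= n;
        offset = 0;
    }
}

/* Serve a request of any size from one fixed-size scratch block. Returns the
 * bytes delivered; *peak is the most scratch space any iteration used. */
size_t rng_recv_bounded(const struct iovec *iov, int cnt, size_t want, size_t *peak)
{
    unsigned char block[RNG_BLOCK_MAX];
    size_t room = 0, done = 0;

    for (int i = 0; i < cnt; i++)
        room += iov[i].iov_len;
    if (want > room)
        want = room; /* never write past the caller's buffers */
    *peak = 0;
    while (done < want) {
        size_t chunk = want - done > RNG_BLOCK_MAX ? RNG_BLOCK_MAX : want - done;
        if (chunk > *peak) *peak = chunk;
        fake_rng_fill(block, chunk);
        copy_to_iovec_at(iov, cnt, done, block, chunk);
        done += chunk;
    }
    return done;
}
```

However large the request, the scratch space stays at `RNG_BLOCK_MAX` bytes, which is the property the change note relies on to blunt oversized reads.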