Looking through the source code I didn't see anything specific to an
in-kernel only encryption key.

My thought would be to add an extra flag into the session_op structure
indicating that the session should just ignore any data in the ioctl call.
Thus, instead of the copy_from_user call, the function would be modified to
retrieve the key data from some other kernel source.  I also think this could be
accomplished by some sort of negative value indicators for the key lengths
or NULL for the key pointers passed in in the session_op ioctl, but that
seems more like magic.  Adding another ioctl definition also seems
undesired.

Does anyone have any guidance for a convention?
_______________________________________________
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
https://mail.gna.org/listinfo/cryptodev-linux-devel
