On Wed, Jan 7, 2026 at 1:53 PM David Howells <[email protected]> wrote: > > Ignat Korchagin <[email protected]> wrote: > > > > + ret = -ENOMEM; > > > + sig->digest = kmalloc(umax(sinfo->authattrs_len, > > > sig->digest_size), > > > + GFP_KERNEL); > > > > Can we refactor this so we allocate the right size from the start. > > The problem is that we don't know the right size until we've tried parsing it. > > > Alternatively, should we just unconditionally use this approach > > "overallocating" some times? > > In some ways, what I'd rather do is push the hash calculation down into the > crypto/ layer for all public key algos.
Probably better indeed > Also, we probably don't actually need to copy the authattrs, just retain a > pointer into the source buffer and the length since we don't intend to keep > the digest around beyond the verification procedure. So I might be able to > get away with just a flag saying I don't need to free it. > > However, there's an intermediate hash if there are authattrs, so I will need > to store that somewhere - though that could be allocated on demand. > > David > Ignat
