On 6/9/26 11:28 AM, Zhuoying Cai wrote:
[...]
vce_max_size = sizeof(VCEntryHeader) +
ROUND_UP(CERT_KEY_ID_LEN, 4) +
ROUND_UP(CERT_HASH_LEN, 4) +
ROUND_UP(cert->der_size, 4);
After thinking about this, I’m not entirely sure, but I think using the
calculated vce_max_size might be a better choice than MAX_ENTRY_SIZE,
since vce_max_size more closely reflects the size of the current VCE.
MAX_ENTRY_SIZE is currently defined as 8192, which is significantly
larger than the size of a single VCB that will be requested in a later
patch.
I agree that it does make more sense to use the calculated size here, but
do we actually know 8192 is significantly larger than what we will need?
If so that seems like a problem with our definition of the max size.
Can we use a smaller value, or is it possible that the calculated
vce_max_size is close to 8k anyway?
Although we check whether the remaining space is sufficient to
store the VCE, allocating MAX_ENTRY_SIZE for each VCE might be unnecessary?
Just wondering if this makes sense, or if you think we should keep using
MAX_ENTRY_SIZE here?
In this context, yes, it would be better to use the calculated size, but
also if you feel that the current definition of MAX_ENTRY_SIZE will be
significantly larger than we need, should we reconsider what we define
MAX_ENTRY_SIZE as?
[...]
Regards,
Jared Rossi
