lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1293207642.3196.35.camel@localhost.localdomain>
Date:	Fri, 24 Dec 2010 11:20:42 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Roberto Sassu <roberto.sassu@...ito.it>
Cc:	linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	David Howells <dhowells@...hat.com>,
	James Morris <jmorris@...ei.org>,
	David Safford <safford@...son.ibm.com>,
	Gianluca Ramunno <ramunno@...ito.it>,
	Tyler Hicks <tyhicks@...ux.vnet.ibm.com>,
	kirkland@...onical.com
Subject: Re: [RFC][PATCH 2/6] encrypted-keys: added additional debug
 messages

On Thu, 2010-12-23 at 18:34 +0100, Roberto Sassu wrote:
> Some debug messages have been added in the function datablob_parse() in
> order to better identify errors returned when dealing with 'encrypted'
> keys.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@...ito.it>

Other than the patches being mangled by the mailer, nice. Please
re-post.

Acked-by: Mimi Zohar <zohar@...ibm.com>

> ---
>  security/keys/encrypted_defined.c |   44 +++++++++++++++++++++++++++---------
>  1 files changed, 33 insertions(+), 11 deletions(-)
> 
> diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
> index c1c5e27..2bb2c47 100644
> --- a/security/keys/encrypted_defined.c
> +++ b/security/keys/encrypted_defined.c
> @@ -133,46 +133,68 @@ static int datablob_parse(char *datablob, char **master_desc,
>  	substring_t args[MAX_OPT_ARGS];
>  	int ret = -EINVAL;
>  	int key_cmd;
> -	char *p;
> +	char *p, *keyword;
>  
> -	p = strsep(&datablob, " \t");
> -	if (!p)
> +	keyword = strsep(&datablob, " \t");
> +	if (!keyword) {
> +		pr_err("encrypted_key: insufficient parameters specified\n");
>  		return ret;
> -	key_cmd = match_token(p, key_tokens, args);
> +	}
> +	key_cmd = match_token(keyword, key_tokens, args);
>  
>  	*master_desc = strsep(&datablob, " \t");
> -	if (!*master_desc)
> +	if (!*master_desc) {
> +		pr_err("encrypted_key: master key parameter is missing\n");
>  		goto out;
> +	}
>  
> -	if (valid_master_desc(*master_desc, NULL) < 0)
> +	if (valid_master_desc(*master_desc, NULL) < 0) {
> +		pr_err("encrypted_key: master key parameter \'%s\' "
> +		       "is invalid\n", *master_desc);
>  		goto out;
> +	}
>  
>  	if (decrypted_datalen) {
>  		*decrypted_datalen = strsep(&datablob, " \t");
> -		if (!*decrypted_datalen)
> +		if (!*decrypted_datalen) {
> +			pr_err("encrypted_key: keylen parameter is missing\n");
>  			goto out;
> +		}
>  	}
>  
>  	switch (key_cmd) {
>  	case Opt_new:
> -		if (!decrypted_datalen)
> +		if (!decrypted_datalen) {
> +			pr_err("encrypted_key: keyword \'%s\' not allowed when "
> +			       "updating an existent key\n", keyword);
>  			break;
> +		}
>  		ret = 0;
>  		break;
>  	case Opt_load:
> -		if (!decrypted_datalen)
> +		if (!decrypted_datalen) {
> +			pr_err("encrypted_key: keyword \'%s\' not allowed when "
> +			       "updating an existent key\n", keyword);
>  			break;
> +		}
>  		*hex_encoded_iv = strsep(&datablob, " \t");
> -		if (!*hex_encoded_iv)
> +		if (!*hex_encoded_iv) {
> +			pr_err("encrypted_key: hex blob is missing\n");
>  			break;
> +		}
>  		ret = 0;
>  		break;
>  	case Opt_update:
> -		if (decrypted_datalen)
> +		if (decrypted_datalen) {
> +			pr_err("encrypted_key: keyword \'%s\' not allowed when "
> +			       "instantiating a new key\n", keyword);
>  			break;
> +		}
>  		ret = 0;
>  		break;
>  	case Opt_err:
> +		pr_err("encrypted_key: keyword \'%s\' not recognized\n",
> +		       keyword);
>  		break;
>  	}
>  out:


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ