Open Source and information security mailing list archives
 
Message-ID: <1403053631.6929.9.camel@dhcp-9-2-203-236.watson.ibm.com>
Date:	Tue, 17 Jun 2014 21:07:11 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Dmitry Kasatkin <d.kasatkin@...sung.com>
Cc:	dhowells@...hat.com, jwboyer@...hat.com, keyrings@...ux-nfs.org,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] KEYS: make key id matching as a dedicated
 function

On Tue, 2014-06-17 at 11:56 +0300, Dmitry Kasatkin wrote: 
> Key id matching will also be used in the following patch.
> To avoid code duplication this patch moves functionality
> to a separate function.
> 
> Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>

In refactoring asymmetric_key_match(), it's changed.  The reason for this
change should be included in the patch description.  (Bug fixes should
be documented.)

thanks,

Mimi

> ---
>  crypto/asymmetric_keys/asymmetric_keys.h |  2 ++
>  crypto/asymmetric_keys/asymmetric_type.c | 50 ++++++++++++++++++++------------
>  2 files changed, 33 insertions(+), 19 deletions(-)
> 
> diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
> index 515b634..a63c551 100644
> --- a/crypto/asymmetric_keys/asymmetric_keys.h
> +++ b/crypto/asymmetric_keys/asymmetric_keys.h
> @@ -9,6 +9,8 @@
>   * 2 of the Licence, or (at your option) any later version.
>   */
> 
> +int asymmetric_keyid_match(const char *kid, const char *id);
> +
>  static inline const char *asymmetric_key_id(const struct key *key)
>  {
>  	return key->type_data.p[1];
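Review bot: the new prototype asymmetric_keyid_match(const char *kid, const char *id) takes two strings of the same type with near-identical names, and nothing at the declaration says which one is the key's stored ID and which is the caller's search string. Swapping them compiles cleanly but changes the result, because the comparison is a one-directional suffix match. A short comment above the declaration naming each argument would prevent that. The function only returns 0 or 1, so bool would describe it better than int.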
> diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
> index b77eb53..1fd1d30 100644
> --- a/crypto/asymmetric_keys/asymmetric_type.c
> +++ b/crypto/asymmetric_keys/asymmetric_type.c
> @@ -23,6 +23,34 @@ static LIST_HEAD(asymmetric_key_parsers);
>  static DECLARE_RWSEM(asymmetric_key_parsers_sem);
> 
>  /*
> + * Match asymmetric key id with partial match
> + * @id:		key id to match in a form "id:<id>"
> + */
> +int asymmetric_keyid_match(const char *kid, const char *id)
> +{
> +	size_t idlen, kidlen;
> +
> +	if (!kid || !id)
> +		return 0;
> +
> +	/* make it possible to use id as in the request: "id:<id>" */
> +	if (strncmp(id, "id:", 3) == 0)
> +		id += 3;
> +
> +	/* Anything after here requires a partial match on the ID string */
> +	idlen = strlen(id);
> +	kidlen = strlen(kid);
> +	if (idlen > kidlen)
> +		return 0;
> +
> +	kid += kidlen - idlen;
> +	if (strcasecmp(id, kid) != 0)
> +		return 0;
> +
> +	return 1;
> +}
> +
> +/*
>   * Match asymmetric keys on (part of) their name
>   * We have some shorthand methods for matching keys.  We allow:
>   *
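Review bot: in asymmetric_keyid_match() an empty id matches every key that has a non-NULL kid. With idlen == 0 the line "kid += kidlen - idlen;" leaves kid pointing at the terminating NUL, so strcasecmp(id, kid) compares two empty strings and the function returns 1. Because the helper is now a separate entry point that also strips "id:" itself, a bare "id:" from any future caller reaches that path, and an explicit "if (!idlen) return 0;" after the strlen() calls would close it. The header comment also documents only @id; @kid and the return value are missing, and the "id:" prefix stripping is new behaviour that the commit message does not mention.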
> @@ -34,9 +62,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
>  {
>  	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
>  	const char *spec = description;
> -	const char *id, *kid;
> +	const char *id;
>  	ptrdiff_t speclen;
> -	size_t idlen, kidlen;
> 
>  	if (!subtype || !spec || !*spec)
>  		return 0;
> @@ -55,23 +82,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
>  	speclen = id - spec;
>  	id++;
> 
> -	/* Anything after here requires a partial match on the ID string */
> -	kid = asymmetric_key_id(key);
> -	if (!kid)
> -		return 0;
> -
> -	idlen = strlen(id);
> -	kidlen = strlen(kid);
> -	if (idlen > kidlen)
> -		return 0;
> -
> -	kid += kidlen - idlen;
> -	if (strcasecmp(id, kid) != 0)
> -		return 0;
> -
> -	if (speclen == 2 &&
> -	    memcmp(spec, "id", 2) == 0)
> -		return 1;
> +	if (speclen == 2 && memcmp(spec, "id", 2) == 0)
> +		return asymmetric_keyid_match(asymmetric_key_id(key), id);
> 
>  	if (speclen == subtype->name_len &&
>  	    memcmp(spec, subtype->name, speclen) == 0)
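Review bot: the second hunk of asymmetric_key_match() changes matching behaviour, not just code layout. The removed lines ran the partial ID comparison and returned 0 on mismatch before either the "id" test or the subtype->name test, so both forms required the ID to match. After the change the comparison happens only inside the "speclen == 2 && memcmp(spec, "id", 2) == 0" branch, and the visible lines show no ID check ahead of the subtype->name branch. If that is an intended fix, the commit message should say so and describe the old and new behaviour. If it is not intended, call asymmetric_keyid_match() once before both tests and keep the early return 0 on mismatch.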

