lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 Oct 2018 10:02:39 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     denkenz@...il.com
Cc:     "James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
        dhowells@...hat.com, Nathan Chancellor <natechancellor@...il.com>,
        Eric Biggers <ebiggers@...gle.com>, zohar@...ux.vnet.ibm.com,
        jmorris@...ei.org, serge@...lyn.com,
        linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] KEYS: trusted: fix -Wvarags warning

On Fri, Oct 12, 2018 at 5:29 AM Denis Kenzior <denkenz@...il.com> wrote:
>
> Hi Nick,
>
> > @@ -123,7 +123,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> >    */
> >   static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
> >                       unsigned int keylen, unsigned char *h1,
> > -                     unsigned char *h2, unsigned char h3, ...)
> > +                     unsigned char h2, unsigned char *h3, ...)
> >   {
> >       unsigned char paramdigest[SHA1_DIGEST_SIZE];
> >       struct sdesc *sdesc;
>
> So my concern here is that this actually breaks the natural argument
> order compared to what the specification uses.  This in turn requires
> one to perform some mental gymnastics and I'm not sure that this is such
> a good idea.

Thanks for the review.

> Refer to
> https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-3-Commands_v1.2_rev116_01032011.pdf
> for details.

 Can you cite the relevant section?

>
> Note that H3 is really the 'continueAuthSession' variable which is a
> bool.  In the above specification BOOL has a size of 1, and TSS_authhmac
> already assigns a h3 to 'c' which is used for the actual hashing.
>
> So can't we simply use 'bool' or uint32 as the type for h3 instead of
> re-ordering everything?

int was exactly what I originally proposed:
https://github.com/ClangBuiltLinux/linux/issues/41#issuecomment-428365339.
If that works for you and the maintainers, I can send that in patch
form.

>
> Regards,
> -Denis



-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ