lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YfiCc9XXzbQz9rqy@sol.localdomain>
Date:   Mon, 31 Jan 2022 16:44:35 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Mimi Zohar <zohar@...ux.ibm.com>
Cc:     linux-integrity@...r.kernel.org,
        Stefan Berger <stefanb@...ux.ibm.com>,
        linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 3/8] fs-verity: define a function to return the
 integrity protected file digest

On Tue, Jan 25, 2022 at 07:06:53PM -0500, Mimi Zohar wrote:
> +	hash_alg = vi->tree_params.hash_alg;
> +	memset(digest, 0, FS_VERITY_MAX_DIGEST_SIZE);
> +
> +	/* convert hash algorithm to hash_algo_name */
> +	i = match_string(hash_algo_name, HASH_ALGO__LAST, hash_alg->name);
> +	if (i < 0)
> +		return -EINVAL;
> +	*alg = i;

The above comment is backwards.  This code is converting a hash algorithm name
to an ID.  The comment is unclear, but it sounds like it's saying the opposite.

> +
> +	memcpy(digest, vi->file_digest, hash_alg->digest_size);

Here there are two "sources of truth" for the digest size.  How about checking
that they are the same:

	if (WARN_ON_ONCE(hash_alg->digest_size != hash_digest_size[*alg]))
		return -EINVAL;

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ