Message-ID: <0ae37bcc-4398-644b-a295-1245d73e5450@gmail.com>
Date:   Tue, 25 Apr 2023 16:14:49 +0530
From:   Shreenidhi Shedi <yesshedi@...il.com>
To:     gregkh@...uxfoundation.org, dhowells@...hat.com,
        dwmw2@...radead.org
Cc:     linux-kernel@...r.kernel.org, sshedi@...are.com
Subject: Re: [PATCH v6 0/7] refactor file signing program

On Wed, 22-Mar-2023 01:03, Shreenidhi Shedi wrote:
> From: Shreenidhi Shedi <yesshedi@...il.com>
> 
> This patch series refactors the sign-file program.
> 
> Brief of changes in this patch series:
> 
> - Improve argument parsing logic.
> - Add a few more easy-to-remember arguments.
> - Add support to sign a bunch of modules at once.
> - Improve the help message with examples.
> - A few trivial fixes for checkpatch-reported issues.
> 
> Version 6 changes:
> - Fixed commit messages as suggested by Greg and David.
> 
> Version 5 changes:
> - Addressed review comments from David Howells.
> - Fragmented the patches into further small units.
> Link:
> v4: https://lore.kernel.org/all/20230221170804.3267242-1-yesshedi@gmail.com/
> 
> Version 1 - Version 4 changes:
> Did some back and forth changes. Getting familiar with patch submission
> process, nothing significant happened.
> 
> Links:
> v1: https://lore.kernel.org/all/dc852d8e-816a-0fb2-f50e-ff6c2aa11dd8@gmail.com/
> v2: https://lore.kernel.org/all/20230213185019.56902-1-yesshedi@gmail.com/
> v3: https://lore.kernel.org/all/20230213190034.57097-1-yesshedi@gmail.com/
> 
> Shreenidhi Shedi (7):
>    sign-file: use getopt_long_only for parsing input args
>    sign-file: introduce few new flags to make argument processing easy.
>    sign-file: move file signing logic to its own function
>    sign-file: add support to sign modules in bulk
>    sign-file: improve help message
>    sign-file: use const with a global string constant
>    sign-file: fix do while styling issue
> 
>   scripts/sign-file.c | 292 +++++++++++++++++++++++++++++++-------------
>   1 file changed, 209 insertions(+), 83 deletions(-)
> 
> --
> 2.39.2
> 
> From:   Shreenidhi Shedi <yesshedi@...il.com>
> X-Google-Original-From: Shreenidhi Shedi <sshedi@...are.com>
> To:     gregkh@...uxfoundation.org, dhowells@...hat.com,
>          dwmw2@...radead.org
> Cc:     linux-kernel@...r.kernel.org, sshedi@...are.com, yesshedi@...il.com
> Subject: [PATCH v6 1/7] sign-file: use getopt_long_only for parsing input args
> Date:   Wed, 22 Mar 2023 01:03:35 +0530
> Message-Id: <20230321193341.87997-2-sshedi@...are.com>
> X-Mailer: git-send-email 2.39.2
> In-Reply-To: <20230321193341.87997-1-sshedi@...are.com>
> References: <20230321193341.87997-1-sshedi@...are.com>
> 
> From: Shreenidhi Shedi <yesshedi@...il.com>
> 
> - getopt_long_only gives an option to use long names for options, so
>    using it here to make the app usage easier.
> 
> - Use more easy to remember command line argument names
> 
> - Introduce cmd_opts structure to ease the handling of command line args
> 
> Signed-off-by: Shreenidhi Shedi <yesshedi@...il.com>
> ---
>   scripts/sign-file.c | 97 ++++++++++++++++++++++++++++++++++++---------
>   1 file changed, 78 insertions(+), 19 deletions(-)
> 
> diff --git a/scripts/sign-file.c b/scripts/sign-file.c
> index 598ef5465f82..94228865b6cc 100644
> --- a/scripts/sign-file.c
> +++ b/scripts/sign-file.c
> @@ -213,15 +213,77 @@ static X509 *read_x509(const char *x509_name)
>   	return x509;
>   }
>   
> +struct cmd_opts {
> +	char *raw_sig_name;
> +	bool save_sig;
> +	bool replace_orig;
> +	bool raw_sig;
> +	bool sign_only;
> +#ifndef USE_PKCS7
> +	unsigned int use_keyid;
> +#endif
> +};
> +
> +static void parse_args(int argc, char **argv, struct cmd_opts *opts)
> +{
> +	struct option cmd_options[] = {
> +		{"rawsig",	required_argument,  0,	's'},
> +		{"savesig",	no_argument,	    0,	'p'},
> +		{"signonly",	no_argument,	    0,	'd'},
> +#ifndef USE_PKCS7
> +		{"usekeyid",	no_argument,	    0,	'k'},
> +#endif
> +		{0, 0, 0, 0}
> +	};
> +
> +	int opt;
> +	int opt_index = 0;
> +
> +	do {
> +#ifndef USE_PKCS7
> +		opt = getopt_long_only(argc, argv, "pds:",
> +				cmd_options, &opt_index);
> +#else
> +		opt = getopt_long_only(argc, argv, "pdks:",
> +				cmd_options, &opt_index);
> +#endif
> +		switch (opt) {
> +		case 's':
> +			opts->raw_sig = true;
> +			opts->raw_sig_name = optarg;
> +			break;
> +
> +		case 'p':
> +			opts->save_sig = true;
> +			break;
> +
> +		case 'd':
> +			opts->sign_only = true;
> +			opts->save_sig = true;
> +			break;
> +
> +#ifndef USE_PKCS7
> +		case 'k':
> +			opts->use_keyid = CMS_USE_KEYID;
> +			break;
> +#endif
> +
> +		case -1:
> +			break;
> +
> +		default:
> +			format();
> +			break;
> +		}
> +	} while (opt != -1);
> +}
> +
>   int main(int argc, char **argv)
>   {
>   	struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
>   	char *hash_algo = NULL;
> -	char *private_key_name = NULL, *raw_sig_name = NULL;
> +	char *private_key_name = NULL;
>   	char *x509_name, *module_name, *dest_name;
> -	bool save_sig = false, replace_orig;
> -	bool sign_only = false;
> -	bool raw_sig = false;
>   	unsigned char buf[4096];
>   	unsigned long module_size, sig_size;
>   	unsigned int use_signed_attrs;
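
Review bot: the `#ifndef USE_PKCS7` / `#else` around the two getopt_long_only() calls in parse_args() looks inverted. The short-option string contains 'k' only in the `#else` (USE_PKCS7) branch ("pdks:"), while the `usekeyid` long option and `case 'k':` exist only under `#ifndef USE_PKCS7`. In a CMS build `-k` is therefore no longer a recognised short option, and in a PKCS7 build it is accepted only to fall through to `default:` and format(). Swap the two optstrings so 'k' is guarded the same way as its case label. Separately, "s:" with `required_argument` turns what the old `getopt(argc, argv, "sdpk")` treated as a plain flag into an option that consumes a value, which changes the existing command line and should be called out in the commit message. `replace_orig` is added to struct cmd_opts but nothing in parse_args() sets it.
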
> @@ -229,13 +291,14 @@ int main(int argc, char **argv)
>   	EVP_PKEY *private_key;
>   #ifndef USE_PKCS7
>   	CMS_ContentInfo *cms = NULL;
> -	unsigned int use_keyid = 0;
>   #else
>   	PKCS7 *pkcs7 = NULL;
>   #endif
>   	X509 *x509;
>   	BIO *bd, *bm;
> -	int opt, n;
> +	int n;
> +	struct cmd_opts opts = {};
> +
>   	OpenSSL_add_all_algorithms();
>   	ERR_load_crypto_strings();
>   	ERR_clear_error();
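
Review bot: `struct cmd_opts opts = {};` uses an empty-brace initializer, which is a GNU extension before C23. Since scripts/sign-file.c is built with the host compiler, `struct cmd_opts opts = { 0 };` is the more portable spelling and costs nothing.
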
> @@ -247,23 +310,19 @@ int main(int argc, char **argv)
>   #else
>   	use_signed_attrs = PKCS7_NOATTR;
>   #endif
> +	parse_args(argc, argv, &opts);
> +	argc -= optind;
> +	argv += optind;
>   
> -	do {
> -		opt = getopt(argc, argv, "sdpk");
> -		switch (opt) {
> -		case 's': raw_sig = true; break;
> -		case 'p': save_sig = true; break;
> -		case 'd': sign_only = true; save_sig = true; break;
> +	const char *raw_sig_name = opts.raw_sig_name;
> +	const bool save_sig = opts.save_sig;
> +	const bool raw_sig = opts.raw_sig;
> +	const bool sign_only = opts.sign_only;
> +	bool replace_orig = opts.replace_orig;
>   #ifndef USE_PKCS7
> -		case 'k': use_keyid = CMS_USE_KEYID; break;
> +	const unsigned int use_keyid = opts.use_keyid;
>   #endif
> -		case -1: break;
> -		default: format();
> -		}
> -	} while (opt != -1);
>   
> -	argc -= optind;
> -	argv += optind;
>   	if (argc < 4 || argc > 5)
>   		format();
>   
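
Review bot: the positional check `if (argc < 4 || argc > 5)` at the end of this hunk is unchanged, although the first hunk makes `-s` take the raw signature name as its own option argument (`opts->raw_sig_name = optarg`). Please confirm the expected number of positionals in the raw-signature case still matches, or adjust the bound. Two smaller points: the `const` locals copied out of `opts` are declared after the parse_args() call and the argc/argv adjustment, so main() now mixes declarations with statements; using `opts.save_sig` and friends directly would avoid both that and the duplicate state. And `replace_orig` is initialised from `opts.replace_orig`, which parse_args() never sets, so it is always false here.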

Hi Greg and David,

Can you please review the latest patch series? I think I have addressed 
your concerns. Thanks.

-- 
Shedi
