Re: [PATCH v8 6/6] crypto: AF_ALG - add support for key_id

From: Tadeusz Struk
Date: Tue Jul 05 2016 - 16:27:12 EST


Hi Mat,
On 06/29/2016 11:43 AM, Mat Martineau wrote:
>> + ret = verify_signature(key, &sig);
>> + if (!ret) {
>> + req->dst_len = sizeof(digest);
>
> I think you fixed the BUG_ON() problem but there's still an issue with
> the handling of the digest. Check the use of sig->digest in
> public_key_verify_signature(), it's an input not an output. Right now it
> looks like 20 uninitialized bytes are compared with the computed digest
> within verify_signature, and then the uninitialized bytes are copied to
> req->dst here.
>
> With some modifications to public_key_verify_signature you could get the
> digest you need, but I'm not sure if verification with a hardware key
> (like a key in a TPM) can or can not provide the digest needed. Maybe
> this is why the verify_signature hook in struct asymmetric_key_subtype
> is optional.
>
>> + scatterwalk_map_and_copy(digest, req->dst, 0, req->dst_len, 1);
>> + }
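Review bot: in the if (!ret) branch, the scatterwalk_map_and_copy() call copies sizeof(digest) bytes from digest into req->dst, but nothing in the quoted lines writes digest after verify_signature() returns, and as the comment above points out, the digest is an input to verification rather than an output. The caller would therefore receive bytes that were never set. Suggest dropping the copy and setting req->dst_len to 0 on success so that only ret is reported; if a digest really has to be returned, it needs to be filled in explicitly before the copy.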

So it looks like the only thing that we need to return to the user in
this case is the return code. Do you agree?
Thanks,
--
TS