From: Tadeusz Struk <tadeusz.struk@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: herbert@gondor.apana.org.au, smueller@chronox.de,
linux-api@vger.kernel.org, marcel@holtmann.org,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, dwmw2@infradead.org,
davem@davemloft.net
Subject: Re: [PATCH v3 7/7] crypto: AF_ALG - add support for key_id
Date: Wed, 30 Mar 2016 10:19:43 -0700 [thread overview]
Message-ID: <56FC0AAF.3000404@intel.com> (raw)
In-Reply-To: <14284.1459355506@warthog.procyon.org.uk>
Hi David,
On 03/30/2016 09:31 AM, David Howells wrote:
>> + keyring = request_key(&key_type_asymmetric, key_name, NULL);
>> > +
>> > + err = -ENOKEY;
>> > + if (IS_ERR(keyring))
>> > + goto out;
>> > +
>> > + pkey = keyring->payload.data[asym_crypto];
> NAK. This is liable to crash in future. You may not assume that you know
> what keyring->payload.data[asym_crypto] points to.
>
> You may not use struct public_key outside of crypto/asymmetric_key/. It's the
> internal data of the software subtype. I'll move it out of the global header
> to remove the temptation;-).
>
> You must use accessor functions such as verify_signature(). Feel free to add
> further accessor functions such as query_asym_capabilities(),
> create_signature(), encrypt_blob() and decrypt_blob() or something like that.
Thanks for your response. I thought that the public_key_query_sw_key(pkey)
check was enough for now.
I'll remove public_key stuff from af_alg and add the accessors.
Thanks,
--
TS
prev parent reply other threads:[~2016-03-30 17:19 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-30 0:56 [PATCH v3 0/7] crypto: algif - add akcipher Tadeusz Struk
2016-03-30 0:56 ` Tadeusz Struk
2016-03-30 0:56 ` [PATCH v3 1/7] crypto: AF_ALG -- add sign/verify API Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 2/7] crypto: AF_ALG -- add setpubkey setsockopt call Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 3/7] crypto: AF_ALG -- add asymmetric cipher interface Tadeusz Struk
2016-03-30 0:57 ` Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 4/7] crypto: algif_akcipher - enable compilation Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 5/7] crypto: algif_akcipher - add ops_nokey Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 6/7] crypto: KEYS - add public_key info query Tadeusz Struk
2016-03-30 0:57 ` [PATCH v3 7/7] crypto: AF_ALG - add support for key_id Tadeusz Struk
2016-03-30 1:49 ` kbuild test robot
2016-03-30 1:49 ` kbuild test robot
[not found] ` <201603300916.Og5tA3rF%fengguang.wu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-03-30 2:52 ` Tadeusz Struk
2016-03-30 2:52 ` Tadeusz Struk
2016-03-30 2:22 ` kbuild test robot
2016-03-30 2:22 ` kbuild test robot
2016-03-30 2:22 ` kbuild test robot
2016-03-30 2:46 ` kbuild test robot
2016-03-30 2:46 ` kbuild test robot
2016-03-30 2:46 ` kbuild test robot
2016-03-30 16:31 ` David Howells
2016-03-30 16:45 ` David Woodhouse
2016-03-30 16:45 ` David Woodhouse
2016-03-30 16:45 ` David Woodhouse
2016-03-30 16:45 ` David Woodhouse
2016-03-30 17:19 ` Tadeusz Struk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56FC0AAF.3000404@intel.com \
--to=tadeusz.struk@intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.