Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time a uthentication of binaries

[Makan Pourzandi <Makan.Pourzandi@ericsson.com>]

Hi Chris,

Thanks for your patch. We'll work on it and come up with a new release 
soon. I'll keep you and the list emailed about your patch.

Best Regards,
Makan

Chris Wright wrote:
> * Makan Pourzandi (QB/EMC) (makan.pourzandi@ericsson.com) wrote:
> 
>>Thanks a lot for your feedback. We'll work on the modifications in
>>the source code mentioned in your email and send out a new release
>>hopefully soon.
> 
> 
> Here's a patch with a bunch of cleanups:
> (sorry it's one big patch, just kept growing...)
> 
> - white space and braces cleanups
> - NULL pointer checks unified as (!ptr)
> - fixup confusion on ERR_PTR vs. NULL (fixes Oopsen)
> - cast on kmalloc is unecessary
> - make anyting static that can be
>   - functions
>   - variables (and remove redundany 0 initialization for static vars)
>   - use static initializers for things like semaphores, lists, locks
>   - remove set_digsig_ops/security_set_operations in favor of
>     statically initiaized digsig_security_ops
> - name change digsig_attribute_st -> digsig_attribute
> - introduce DIGSIG_ATTR macro, and use for attribute initialization
> - change names of sysfs files (in module, and hopefully supporting scripts
>   and programs)
>   - digsig_interface -> key
>   - digsig_revoke -> revoke
> - move extern defs to header files
> - get ifndef/define header bits correct
> - move towards single point of return (goto and error cleanup)
> - fixup memory leaks on error return paths
> - move towards use of error values rather than just -1
> - move ctx cleanup out of digsig_sign_verify_final so that caller is
>   responsible (less confusion and no chance of double free on error
>   cleanup)
> - mark init functions as __init
> - use security_initcall()
> - remove unneeded digsig_init_revocation (list statically initialized now)
> - remove inline on external functions
> - use list_for_each_entry
> - collapse 'n' and 'e' cases in digsig_key_store for raw_public_key allocation
> - remove redundant file->f_security = NULL after digsig_allow_write_access()
> - move list_add_tail() in dsi_sysfs for revoked key into digsig_revocation.c
>   under helper digsig_add_revoked_sig()
> - add revoked_list_lock (used in above helper) for proper list manipulation
> - s/SHA1_TFM/sha1_tfm/ ala CodingStyle
> - fix bogus ctx==NULL check in digsig_sign_verify_update()
> 
> It compiles, and I actually loaded it and ran some tests to make sure
> it still works.  Seems OK.  I didn't work at stressing any of the error
> paths, but I think they are cleaner than they were.
> 
> thanks,
> -chris
> 


-- 

Makan Pourzandi, Open Systems Lab
Ericsson Research, Montreal, Canada
*This email does not represent or express the opinions of Ericsson Inc.*