From: Mat Martineau <mathew.j.martineau@linux.intel.com>
To: ell@lists.01.org
Subject: Re: [PATCH v2 3/6] tls: Use l_key crypto for decrypt and sign
Date: Tue, 09 Aug 2016 11:40:11 -0700
Message-ID: <alpine.OSX.2.20.1608091136450.24354@mjmartin-mac01.local>
In-Reply-To: <57AA0431.4050601@gmail.com>

On Tue, 9 Aug 2016, Denis Kenzior wrote:

> Hi Mat,
>
>>
>> -LIB_EXPORT void l_tls_set_auth_data(struct l_tls *tls, const char 
>> *cert_path,
>> -				const char *priv_key_path,
>> -				const char *priv_key_passphrase)
>> +LIB_EXPORT bool l_tls_set_auth_data(struct l_tls *tls, const char 
>> *cert_path,
>> +					const char *priv_key_path,
>> +					const char *priv_key_passphrase)
>>   {
>> +	uint8_t *priv_key = NULL;
>> +	bool is_public = true;
>> +
>
> Just a quick nitpick.  Can you move these into the if (priv_key_path) block?

Sure. Good to know that fits with the style guidelines, I'd prefer to have 
them in the smaller scope.

>>   	if (tls->cert_path) {
>>   		l_free(tls->cert_path);
>> -		l_free(tls->priv_key_path);
>>   		tls->cert_path = NULL;
>> -		tls->priv_key_path = NULL;
>>   	}
>> 
>> -	if (cert_path) {
>> -		tls->cert_path = l_strdup(cert_path);
>> -		tls->priv_key_path = l_strdup(priv_key_path);
>> +	if (tls->priv_key) {
>> +		l_key_free(tls->priv_key);
>> +		tls->priv_key = NULL;
>> +		tls->priv_key_size = 0;
>>   	}
>> 
>> -	if (tls->priv_key_passphrase) {
>> -		memset(tls->priv_key_passphrase, 0,
>> -				strlen(tls->priv_key_passphrase));
>> -		l_free(tls->priv_key_passphrase);
>> -		tls->priv_key_passphrase = NULL;
>> +	if (priv_key_path) {
>> +		priv_key = l_pem_load_private_key(priv_key_path,
>> +							priv_key_passphrase,
>> +							&tls->priv_key_size);
>> +
>> +		tls->priv_key = l_key_new(L_KEY_RSA, priv_key,
>> +						tls->priv_key_size);
>> +		if (priv_key) {
>> +			memset(priv_key, 0, tls->priv_key_size);
>> +			l_free(priv_key);
>> +		}
>> +
>> +		if (!l_key_get_info(tls->priv_key, L_CIPHER_RSA_PKCS1_V1_5,
>> +					L_CHECKSUM_NONE, &tls->priv_key_size,
>> +					&is_public) || is_public) {
>> +			l_key_free(tls->priv_key);
>> +			tls->priv_key = NULL;
>> +			tls->priv_key_size = 0;
>> +			return false;
>> +		}
>> +
>> +		tls->priv_key_size /= 8;
>>   	}
>> 
>> -	if (priv_key_passphrase)
>> -		tls->priv_key_passphrase = l_strdup(priv_key_passphrase);
>> +	if (cert_path)
>> +		tls->cert_path = l_strdup(cert_path);
>> +
>> +	return true;
>>   }
>>
>>   LIB_EXPORT const char *l_tls_alert_to_str(enum l_tls_alert_desc desc)
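Review bot: In the if (priv_key_path) block, the result of l_pem_load_private_key() is only checked after it has already been passed to l_key_new(), so a failed load hands a NULL buffer and a possibly unset tls->priv_key_size to l_key_new(), and the error is caught only indirectly by l_key_get_info(). Check priv_key right after the load and return false there. Two further points on the same block: the memset() immediately before l_free(priv_key) is a dead store that a compiler may remove, so the key material should be wiped with a call that cannot be optimized away, such as explicit_bzero() where available; and the return false path runs after tls->cert_path and the old tls->priv_key were already released, so a failed call leaves the object with no auth data and skips the l_strdup(cert_path). Either load and validate the new key before discarding the old state, or state that behaviour for callers.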
>> diff --git a/ell/tls.h b/ell/tls.h
>> index a3f3a28..0a7c920 100644
>> --- a/ell/tls.h
>> +++ b/ell/tls.h
>> @@ -97,7 +97,7 @@ void l_tls_set_cacert(struct l_tls *tls, const char 
>> *ca_cert_path);
>>    * one certificate of each type so they can be used depending on which
>>    * is compatible with the negotiated parameters.
>>    */
>> -void l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
>> +bool l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
>>   				const char *priv_key_path,
>>   				const char *priv_key_passphrase);
>> 
>> 
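Review bot: The prototype now returns bool, but the comment ending just above it in this hunk is unchanged, so the header gives no description of what false means. Document that false is returned when the private key cannot be loaded or is not an RSA private key, and say what state the l_tls object is left in after a failure, since callers written against the void signature will otherwise ignore the result.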
>
> Regards,
> -Denis
>

--
Mat Martineau
Intel OTC
