From: Mimi Zohar <zohar@linux.ibm.com>
To: Vitaly Chikunov <vt@altlinux.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v7 3/3] ima-evm-utils: Read keyid from the cert appended to the key file
Date: Mon, 05 Jul 2021 16:04:52 -0400 [thread overview]
Message-ID: <f304a136df93bd74e06a68737f9512e003e329ab.camel@linux.ibm.com> (raw)
In-Reply-To: <20210701011323.2377251-4-vt@altlinux.org>
Hi Vitaly,
On Thu, 2021-07-01 at 04:13 +0300, Vitaly Chikunov wrote:
>
> +/**
> + * read_keyid_from_key() - Read 32-bit keyid from the key file
> + * @keyid_be: Pointer to 32-bit value in network order (BE, unaligned).
> + * @keyfile: PEM file with private key with optionally appended x509 cert.
> + * Return: 0 on success and keyid_be is written;
> + * -1 on error, logged error message, and keyid_be isn't written.
> + */
> +static int read_keyid_from_key(uint32_t *keyid_be, const char *keyfile)
(With the new option "--keyid-from-cert" is this patch really still
needed?)
The function name is a bit off. Both imaevm_read_keyid() and this
function are getting the keyid from a cert. There's also quite a bit
of code duplication between them. Refactoring the code might help.
For example, perhaps imaevm_read_keyid() could be a wrapper for
read_keyid_from_cert().
Otherwise renaming this function to read_keyid_from_keyfile(),
read_appended_keyid() or read_appended_keyid_from_cert(), which is
really wordy, would be better.
thanks,
Mimi
next prev parent reply other threads:[~2021-07-05 20:10 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-01 1:13 [PATCH v7 0/3] ima-evm-utils: Add --keyid option Vitaly Chikunov
2021-07-01 1:13 ` [PATCH v7 1/3] ima-evm-utils: Allow manual setting keyid for signing Vitaly Chikunov
2021-07-01 1:13 ` [PATCH v7 2/3] ima-evm-utils: Allow manual setting keyid from a cert file Vitaly Chikunov
2021-07-05 19:59 ` Mimi Zohar
2021-07-05 20:50 ` Vitaly Chikunov
2021-07-01 1:13 ` [PATCH v7 3/3] ima-evm-utils: Read keyid from the cert appended to the key file Vitaly Chikunov
2021-07-05 20:04 ` Mimi Zohar [this message]
2021-07-05 21:15 ` Vitaly Chikunov
2021-07-06 16:23 ` [PATCH v7 0/3] ima-evm-utils: Add --keyid option Mimi Zohar
2021-07-06 21:13 ` Vitaly Chikunov
2021-07-08 15:37 ` Mimi Zohar
2021-07-08 15:46 ` Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f304a136df93bd74e06a68737f9512e003e329ab.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=vt@altlinux.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.