Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752970Ab1ETM3Q (ORCPT ); Fri, 20 May 2011 08:29:16 -0400 Received: from e39.co.us.ibm.com ([32.97.110.160]:43226 "EHLO e39.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750835Ab1ETM3N (ORCPT ); Fri, 20 May 2011 08:29:13 -0400 Subject: Re: [PATCH v5 03/21] evm: re-release From: Mimi Zohar To: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, James Morris , David Safford , Andrew Morton , Greg KH , Dmitry Kasatkin , Mimi Zohar In-Reply-To: <20110519213754.GA10072@mail.hallyn.com> References: <1305557115-15652-1-git-send-email-zohar@linux.vnet.ibm.com> <1305557115-15652-4-git-send-email-zohar@linux.vnet.ibm.com> <20110519213754.GA10072@mail.hallyn.com> Content-Type: text/plain; charset="UTF-8" Date: Fri, 20 May 2011 08:29:05 -0400 Message-ID: <1305894545.3247.43.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 (2.30.3-1.fc13) Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1842 Lines: 45 On Thu, 2011-05-19 at 16:37 -0500, Serge E. Hallyn wrote: > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com): > ... > > +extern int evm_hmac_size; > ... > > +int evm_hmac_size = SHA1_DIGEST_SIZE; > > I think I object to having both MAX_DIGEST_SIZE and evm_hmac_size, both > of which are set to SHA1_DIGEST_SIZE throughout this patchset. Especially > because of the comment I was about to make on patch 4/21, where you > then prepend the hmac with a 'type' byte, and start passing around > MAX_DIGEST_SIZE+1 and evm_hmac_size+1. > > Even if you're going to be using those differently in a later patchset, > let's focus on this set for now and keep things simpler. One constant > for the hmac size, and then please define a new one (in patch 4) for > the annotated digest size. I can't think think of a good name. Which > suggests that perhaps you should define a nicely typed struct to contain > the header+hmac... > > I see no other problems, so presuming that these are nicely addressed > I expect to happily ack. > > thanks, > -serge Ok, MAX_DIGEST_SIZE was defined in the first patch of this patchset, which moves the iint from IMA to integrity, but it seems to be unnecessary for any of the additional EVM or IMA extensions, including support for additional IMA hash sizes. I'll remove MAX_DIGEST_SIZE. The reason for introducing the extra byte at this point in the patch set, as opposed to waiting to do so in the digital signature patches, is to permit existing labeled systems to continue to run properly (and be bisect safe). Defining a structure is a good idea. thanks, Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/