Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3293793pxb;
        Tue, 19 Jan 2021 20:22:03 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwjV8kvcI/GzC0wRIb+q06HGaCf5eDjsUnewcPvHS4h5RxyrIFAkmgEdFvAlPq/2q8zCBad
X-Received: by 2002:a50:84e7:: with SMTP id 94mr6045891edq.87.1611116523118;
        Tue, 19 Jan 2021 20:22:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1611116523; cv=none;
        d=google.com; s=arc-20160816;
        b=VPdHJ264tpm6J3fdG8q4ChBb8Lj4EP549TS8tIbAA4luX86MJNZxD+V1FIu7DSY4eP
         xHv7Tpj2ITqqWKRibpogI5NdG0BzGlk2mmBIeLkbqSVPLLgL0GT4ZgQUUVK5SIkR216c
         dLuXlrKZWqM01VyxzJrNdYbmF1hz8gyoZLldOoJb4qQ1R4aSLFtJ8nRmN0kTUTgelrtp
         xD8XUVygMLcDgLyQAjc+D5q1xPTjq3I2a4ILs/1wUI1xZXP+WnjXW40UkAx8Q8IP8tR0
         wkKPnFm8LnZzWfKsuwmoTc7VuHVbiuifsEubwfcAe8VX5LGeW3LODwOx6N+IPcRqm1Dl
         MpLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=S1s8Kn4UBhm3hqRKKeWT2q+M4ciGpNtz8l/in9FqCKA=;
        b=qYlPqYFmWC5WAs/yzGZhRKQlYeaLV5ZJT2Vw/k5B1docDoE94A16jBxqPyVywcUNmZ
         4jQv0vauruHd5PcymaqEIAd9PhRYhlUGYfKpbRD6A6ZI4/YsUxUuOgjvlcckmpfceJcl
         KnS55VCPD3kmvPXdP6082ZxEWpAAt1bQ2+NcQ3FcXhSGlYp6+HYHqb5MrDZaybfKD/HL
         pr9e7URddgAEcdM69h7lsFvdzAonBb2ckJlGNSGDbmf7l+v33ITOWLtjif9nVi7cZDGh
         NOeIXOo2AixUq3JvjJwAVO68H3fqCZ/PeWniGvvWzyjpu7vLs0KZMLbWqi+2y82WBit9
         2Zhg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ah7CzMik;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r15si284590ejs.502.2021.01.19.20.21.32;
        Tue, 19 Jan 2021 20:22:03 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ah7CzMik;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727393AbhATES2 (ORCPT <rfc822;beexploring@gmail.com>
        + 99 others); Tue, 19 Jan 2021 23:18:28 -0500
Received: from mail.kernel.org ([198.145.29.99]:48862 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728134AbhATERL (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 19 Jan 2021 23:17:11 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 3C8E623131;
        Wed, 20 Jan 2021 04:16:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1611116190;
        bh=xyjnizKJKYbTRv0UN0+Gwt4VTaFiAxMHtX+9p9eYe1s=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=ah7CzMikRzj9W9tCn1AXbZZE8R1ZZweT7ziyrwOtDpZNF2g4cVOr6PlWh5KRAFxsC
         AsbyuxEJ7GBuwoXPbRq9GiQePaNVne4UT+gu7x4YV6Ov8TvIZ0Z/FAHEm6WoCE8U/o
         x3tNJU7WNAdOBS6eYKCR3szPJBlq0AI3sjlazIcwBrqsJWGeK4ORLPxH3rMihm1ykE
         Lr0r4acf4K5C7MoADs+SRSfn/OeKJ4tTs7cNgaqo330SvD6nYRKcsjP8u3Vf0m2zqy
         Rs0SpKX5xSvb/Rg6JYz14DF23Yy5LF9BUa8F30nt64fgx+JITef2DSwaq5iXNc6OAk
         XDQUGoZNZjTsA==
Date:   Wed, 20 Jan 2021 06:16:23 +0200
From:   Jarkko Sakkinen <jarkko@kernel.org>
To:     =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>
Cc:     David Howells <dhowells@redhat.com>,
        David Woodhouse <dwmw2@infradead.org>,
        "David S . Miller" <davem@davemloft.net>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        James Morris <jmorris@namei.org>,
        =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@linux.microsoft.com>,
        Mimi Zohar <zohar@linux.ibm.com>,
        "Serge E . Hallyn" <serge@hallyn.com>, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 06/10] certs: Make blacklist_vet_description() more
 strict
Message-ID: <YAeul+B2x6QK0NVq@kernel.org>
References: <20210114151909.2344974-1-mic@digikod.net>
 <20210114151909.2344974-7-mic@digikod.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20210114151909.2344974-7-mic@digikod.net>
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Jan 14, 2021 at 04:19:05PM +0100, Micka?l Sala?n wrote:
> From: Micka?l Sala?n <mic@linux.microsoft.com>
> 
> Before exposing this new key type to user space, make sure that only
> meaningful blacklisted hashes are accepted.  This is also checked for
> builtin blacklisted hashes, but a following commit make sure that the
> user will notice (at built time) and will fix the configuration if it
> already included errors.
> 
> Check that a blacklist key description starts with a valid prefix and
> then a valid hexadecimal string.
> 
> Cc: David Howells <dhowells@redhat.com>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Micka?l Sala?n <mic@linux.microsoft.com>
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

In this I'm not as worried about ABI, i.e. you don't have any reason
supply any other data, which doesn't follow these ruels, whereas there
could very well be a script that does format hex "incorrectly".

/Jarkko