Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > This can be told to skip a particular algorithm for when the caller > > has one precalculated. The precalculated hash can be passed to > > is_hash_blacklisted(). This would typically be the case for a signed > > X.509 message. > > This last part seems a premature optimization to me. Is there a > performance concern preventing us from using (4) only? Crypto stuff is relatively slow - and in the case of X.509 and PKCS#7 the caller will already have calculated a hash. The most likely situation currently, I think, is that we will only have sha256 hashes in the blacklist, and whatever we're checking will have a sha256 hash also. Possibly, I could just pass the precalculated hash into is_data_blacklisted() and so avoid having to call is_hash_blacklisted() from outside. > In any case, the approach and the code look sound to me, although I > think adding a hash of a type that we don't know how to calculate > deserves a warning at least. There are two issues with that: (1) We don't know what hashes are available without checking to see what modules are available. However, to do this would involve loading the hash algorithm module - but we might not be in a position to do this yet (the blacklist is loaded before we start userspace). (2) A module implementing a hash algorithm might be blacklisted by the hash that we've been given to add to the blacklist. I think this is a more general problem - and might require us to restrict blacklisting to hash algorithms that are built in. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html