Some debug messages have been added in the function datablob_parse() in order to better identify errors returned when dealing with 'encrypted' keys. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx> --- security/keys/encrypted_defined.c | 44 +++++++++++++++++++++++++++--------- 1 files changed, 33 insertions(+), 11 deletions(-) diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c index c1c5e27..2bb2c47 100644 --- a/security/keys/encrypted_defined.c +++ b/security/keys/encrypted_defined.c @@ -133,46 +133,68 @@ static int datablob_parse(char *datablob, char **master_desc, substring_t args[MAX_OPT_ARGS]; int ret = -EINVAL; int key_cmd; - char *p; + char *p, *keyword; - p = strsep(&datablob, " \t"); - if (!p) + keyword = strsep(&datablob, " \t"); + if (!keyword) { + pr_err("encrypted_key: insufficient parameters specified\n"); return ret; - key_cmd = match_token(p, key_tokens, args); + } + key_cmd = match_token(keyword, key_tokens, args); *master_desc = strsep(&datablob, " \t"); - if (!*master_desc) + if (!*master_desc) { + pr_err("encrypted_key: master key parameter is missing\n"); goto out; + } - if (valid_master_desc(*master_desc, NULL) < 0) + if (valid_master_desc(*master_desc, NULL) < 0) { + pr_err("encrypted_key: master key parameter \'%s\' " + "is invalid\n", *master_desc); goto out; + } if (decrypted_datalen) { *decrypted_datalen = strsep(&datablob, " \t"); - if (!*decrypted_datalen) + if (!*decrypted_datalen) { + pr_err("encrypted_key: keylen parameter is missing\n"); goto out; + } } switch (key_cmd) { case Opt_new: - if (!decrypted_datalen) + if (!decrypted_datalen) { + pr_err("encrypted_key: keyword \'%s\' not allowed when " + "updating an existent key\n", keyword); break; + } ret = 0; break; case Opt_load: - if (!decrypted_datalen) + if (!decrypted_datalen) { + pr_err("encrypted_key: keyword \'%s\' not allowed when " + "updating an existent key\n", keyword); break; + } *hex_encoded_iv = strsep(&datablob, " \t"); - if (!*hex_encoded_iv) + if (!*hex_encoded_iv) { + pr_err("encrypted_key: hex blob is missing\n"); break; + } ret = 0; break; case Opt_update: - if (decrypted_datalen) + if (decrypted_datalen) { + pr_err("encrypted_key: keyword \'%s\' not allowed when " + "instantiating a new key\n", keyword); break; + } ret = 0; break; case Opt_err: + pr_err("encrypted_key: keyword \'%s\' not recognized\n", + keyword); break; } out: -- 1.7.2.3
Attachment:
smime.p7s
Description: S/MIME cryptographic signature