libkcapi
libkcapi copied to clipboard
smuellerDD
fipscheck doesn't allow setting checkdir
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9c6d8a7c9/apps/kcapi-hasher.c#L1124
is followed by
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9c6d8a7c9/apps/kcapi-hasher.c#L1183
so the attribute to fipscheck's -d goes nowhere.
Am Montag, 28. März 2022, 12:55:58 CEST schrieb Alexander Sosedkin:
Hi Alexander,
sorry for the delay.
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9 c6d8a7c9/apps/kcapi-hasher.c#L1124 is followed by https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9 c6d8a7c9/apps/kcapi-hasher.c#L1183 so the attribute to
fipscheck's-dgoes nowhere.
Line 1194 uses the parameter which is then subsequently used. May I ask what your concern is?
Thanks.
Ciao Stephan
On April 22, 2022 11:17:43 PM GMT+02:00, smuellerDD @.***> wrote:
Am Montag, 28. März 2022, 12:55:58 CEST schrieb Alexander Sosedkin:
Hi Alexander,
sorry for the delay.
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9
c6d8a7c9/apps/kcapi-hasher.c#L1124 is followed by
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87fb9
c6d8a7c9/apps/kcapi-hasher.c#L1183 so the attribute to
fipscheck's-dgoes nowhere.
Line 1194 uses the parameter which is then subsequently used.
Line 1194 is almost dead code, reachable only if get_hmac_file errors out, ain't it? And then checkfile is what matters, unaffected by an argument to -d.
May I ask what your concern is?
I can't figure out how to verify using an hmac at a nonstandard location, to the point of doubting this is even possible with the current code.
Thanks.
Ciao
Stephan
-- > Reply to this email directly or view it on GitHub:
https://github.com/smuellerDD/libkcapi/issues/137#issuecomment-1106873052
You are receiving this because you authored the thread.
Message ID: @.***>
Am Freitag, 22. April 2022, 23:31:37 CEST schrieb Alexander Sosedkin:
Hi Alexander,
On April 22, 2022 11:17:43 PM GMT+02:00, smuellerDD @.***> wrote:
Am Montag, 28. März 2022, 12:55:58 CEST schrieb Alexander Sosedkin:
Hi Alexander,
sorry for the delay.
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87 fb9
c6d8a7c9/apps/kcapi-hasher.c#L1124 is followed by
https://github.com/smuellerDD/libkcapi/blob/1429ab42d48123cc8f73b96c69a87 fb9
c6d8a7c9/apps/kcapi-hasher.c#L1183 so the attribute to
fipscheck's-dgoes nowhere.
Line 1194 uses the parameter which is then subsequently used.
Line 1194 is almost dead code, reachable only if get_hmac_file errors out, ain't it? And then checkfile is what matters, unaffected by an argument to -d.
May I ask what your concern is?
I can't figure out how to verify using an hmac at a nonstandard location, to the point of doubting this is even possible with the current code.
For fipscheck, you are right, it is not used.
But the original fipscheck does not contain a -d flag either. The target directory is set during compile time:
$ ./configure --help | grep sum --enable-sum-prefix=PRE prefix to add to filenames when deriving the binary's checksum file's name (default ".") --enable-sum-suffix=EXT suffix to add to filenames when deriving the binary's checksum file's name (default "hmac") --enable-sum-dir=DIR directory where HMAC checksum files will be placed
Thanks.
Ciao
Stephan
-- > Reply to this email directly or view it on GitHub:
https://github.com/smuellerDD/libkcapi/issues/137#issuecomment-1106873052
You are receiving this because you authored the thread.
Message ID: @.***>
-- Reply to this email directly or view it on GitHub: https://github.com/smuellerDD/libkcapi/issues/137#issuecomment-1106885103 You are receiving this because you commented.
Message ID: @.***>
Ciao Stephan