Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api

From: Mimi Zohar
Date: Mon Dec 14 2015 - 08:25:52 EST


On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote:
> Convert asymmetric_verify to akcipher api.
>
> Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> ---
> security/integrity/Kconfig | 1 +
> security/integrity/digsig_asymmetric.c | 10 +++-------
> 2 files changed, 4 insertions(+), 7 deletions(-)
>
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index 73c457b..f0b2463 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
> select ASYMMETRIC_KEY_TYPE
> select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> select PUBLIC_KEY_ALGO_RSA
> + select CRYPTO_RSA
> select X509_CERTIFICATE_PARSER
> help
> This option enables digital signature verification using
> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
> index 4fec181..5629372 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
> pks.pkey_hash_algo = hdr->hash_algo;
> pks.digest = (u8 *)data;
> pks.digest_size = datalen;
> - pks.nr_mpi = 1;
> - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
> -
> - if (pks.rsa.s)
> - ret = verify_signature(key, &pks);
> -
> - mpi_free(pks.rsa.s);
> + pks.s = hdr->sig;

Thanks! With this change, my system is now able to boot.

Mimi

> + pks.s_size = siglen;
> + ret = verify_signature(key, &pks);
> key_put(key);
> pr_debug("%s() = %d\n", __func__, ret);
> return ret;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/