Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api

From: Tadeusz Struk
Date: Mon Dec 14 2015 - 10:02:26 EST


On 12/14/2015 05:24 AM, Mimi Zohar wrote:
> On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote:
>> Convert asymmetric_verify to akcipher api.
>>
>> Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
>> ---
>> security/integrity/Kconfig | 1 +
>> security/integrity/digsig_asymmetric.c | 10 +++-------
>> 2 files changed, 4 insertions(+), 7 deletions(-)
>>
>> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
>> index 73c457b..f0b2463 100644
>> --- a/security/integrity/Kconfig
>> +++ b/security/integrity/Kconfig
>> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
>> select ASYMMETRIC_KEY_TYPE
>> select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>> select PUBLIC_KEY_ALGO_RSA
>> + select CRYPTO_RSA
>> select X509_CERTIFICATE_PARSER
>> help
>> This option enables digital signature verification using
>> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
>> index 4fec181..5629372 100644
>> --- a/security/integrity/digsig_asymmetric.c
>> +++ b/security/integrity/digsig_asymmetric.c
>> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
>> pks.pkey_hash_algo = hdr->hash_algo;
>> pks.digest = (u8 *)data;
>> pks.digest_size = datalen;
>> - pks.nr_mpi = 1;
>> - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
>> -
>> - if (pks.rsa.s)
>> - ret = verify_signature(key, &pks);
>> -
>> - mpi_free(pks.rsa.s);
>> + pks.s = hdr->sig;
>
> Thanks! With this change, my system is now able to boot.
>
Thanks Mimi.

David, do you have any comments to this patch set? If not could you ACK please.
Thanks,

--
TS
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/