Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

From: Mimi Zohar
Date: Wed Feb 24 2016 - 01:00:32 EST


On Wed, 2016-02-24 at 00:04 -0500, Mimi Zohar wrote:
> On Fri, 2016-02-19 at 17:18 +0000, David Howells wrote:
>
> > /*
> > * Verify a signature using a public key.
> > */
> > int public_key_verify_signature(const struct public_key *pkey,
> > const struct public_key_signature *sig)
> > {
> > + struct public_key_completion compl;
> > + struct crypto_akcipher *tfm;
> > + struct akcipher_request *req;
> > + struct scatterlist sig_sg, digest_sg;
> > + int ret = -ENOMEM;
> > +
> > + pr_devel("==>%s()\n", __func__);
> > +
> > BUG_ON(!pkey);
> > BUG_ON(!sig);
> > BUG_ON(!sig->digest);
> > BUG_ON(!sig->s);
> >
> > - if (pkey->pkey_algo >= PKEY_ALGO__LAST)
> > - return -ENOPKG;
> > + tfm = crypto_alloc_akcipher(pkey_algo_name[sig->pkey_algo], 0, 0);
> > + if (IS_ERR(tfm))
> > + return PTR_ERR(tfm);
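Review bot: the lookup `pkey_algo_name[sig->pkey_algo]` in the added crypto_alloc_akcipher() call has no range check, whereas the removed lines tested `pkey->pkey_algo >= PKEY_ALGO__LAST` and returned -ENOPKG. The index is also now taken from the signature instead of the key, so a caller that zero-fills the signature struct and never sets pkey_algo selects whatever name sits at entry 0. Suggest keeping a bounds check on sig->pkey_algo before the table lookup, and checking that it matches pkey->pkey_algo, so a mismatched or unset value fails with -ENOPKG and not inside the allocation.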
>
> IMA fails here.

Please include the following fix in this patch.

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 2fa3bc6..69a92e6 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -103,6 +103,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,

memset(&pks, 0, sizeof(pks));

+ pks.pkey_algo = PKEY_ALGO_RSA;
pks.pkey_hash_algo = hdr->hash_algo;
pks.digest = (u8 *)data;
pks.digest_size = datalen;
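Review bot: `pks.pkey_algo = PKEY_ALGO_RSA;` hard-codes the algorithm directly after the memset(), with no comment explaining why RSA is the only value that can apply in asymmetric_verify(). Suggest a one-line comment stating that assumption, or deriving the value from the key being used for verification, so that this path does not depend on a silent constant. The fix also carries no changelog text or Signed-off-by line, which will be needed if it is folded into the patch.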
--
2.1.0