diff options
author | Mimi Zohar <zohar@linux.ibm.com> | 2018-11-09 06:53:40 +0100 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2018-11-13 22:09:56 +0100 |
commit | fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca (patch) | |
tree | 772f7b697fa729f1f186f6e9310def5493c11e83 /security | |
parent | Linux 4.20-rc2 (diff) | |
download | linux-fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca.tar.xz linux-fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca.zip |
integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima). Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.
Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change. This patch updates the integrity asymmetric_verify()
caller.
Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/digsig_asymmetric.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index 6dc075144508..d775e03fbbcc 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, pks.pkey_algo = "rsa"; pks.hash_algo = hash_algo_name[hdr->hash_algo]; + pks.encoding = "pkcs1"; pks.digest = (u8 *)data; pks.digest_size = datalen; pks.s = hdr->sig; |