| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Dec 2015 06:59:02 -0800 From: Tadeusz Struk <tadeusz.struk@...el.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com>, dhowells@...hat.com Cc: herbert@...dor.apana.org.au, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-crypto@...r.kernel.org Subject: Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api On 12/14/2015 05:24 AM, Mimi Zohar wrote: > On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote: >> Convert asymmetric_verify to akcipher api. >> >> Signed-off-by: Tadeusz Struk <tadeusz.struk@...el.com> >> --- >> security/integrity/Kconfig | 1 + >> security/integrity/digsig_asymmetric.c | 10 +++------- >> 2 files changed, 4 insertions(+), 7 deletions(-) >> >> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig >> index 73c457b..f0b2463 100644 >> --- a/security/integrity/Kconfig >> +++ b/security/integrity/Kconfig >> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS >> select ASYMMETRIC_KEY_TYPE >> select ASYMMETRIC_PUBLIC_KEY_SUBTYPE >> select PUBLIC_KEY_ALGO_RSA >> + select CRYPTO_RSA >> select X509_CERTIFICATE_PARSER >> help >> This option enables digital signature verification using >> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c >> index 4fec181..5629372 100644 >> --- a/security/integrity/digsig_asymmetric.c >> +++ b/security/integrity/digsig_asymmetric.c >> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char *sig, >> pks.pkey_hash_algo = hdr->hash_algo; >> pks.digest = (u8 *)data; >> pks.digest_size = datalen; >> - pks.nr_mpi = 1; >> - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); >> - >> - if (pks.rsa.s) >> - ret = verify_signature(key, &pks); >> - >> - mpi_free(pks.rsa.s); >> + pks.s = hdr->sig; > > Thanks! With this change, my system is now able to boot. > Thanks Mimi. David, do you have any comments to this patch set? If not could you ACK please. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists