lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1456293568.2887.2.camel@linux.vnet.ibm.com>
Date:	Wed, 24 Feb 2016 00:59:28 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	David Howells <dhowells@...hat.com>
Cc:	keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, tadeusz.struk@...el.com
Subject: Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto
 layer

On Wed, 2016-02-24 at 00:04 -0500, Mimi Zohar wrote:
> On Fri, 2016-02-19 at 17:18 +0000, David Howells wrote:
> 
> >  /*
> >   * Verify a signature using a public key.
> >   */
> >  int public_key_verify_signature(const struct public_key *pkey,
> >  				const struct public_key_signature *sig)
> >  {
> > +	struct public_key_completion compl;
> > +	struct crypto_akcipher *tfm;
> > +	struct akcipher_request *req;
> > +	struct scatterlist sig_sg, digest_sg;
> > +	int ret = -ENOMEM;
> > +
> > +	pr_devel("==>%s()\n", __func__);
> > +
> >  	BUG_ON(!pkey);
> >  	BUG_ON(!sig);
> >  	BUG_ON(!sig->digest);
> >  	BUG_ON(!sig->s);
> > 
> > -	if (pkey->pkey_algo >= PKEY_ALGO__LAST)
> > -		return -ENOPKG;
> > +	tfm = crypto_alloc_akcipher(pkey_algo_name[sig->pkey_algo], 0, 0);
> > +	if (IS_ERR(tfm))
> > +		return PTR_ERR(tfm);
> 
> IMA fails here.

Please include the following fix in this patch.

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 2fa3bc6..69a92e6 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -103,6 +103,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 
 	memset(&pks, 0, sizeof(pks));
 
+	pks.pkey_algo = PKEY_ALGO_RSA;
 	pks.pkey_hash_algo = hdr->hash_algo;
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ