| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.21.1811140813530.15226@namei.org>
Date: Wed, 14 Nov 2018 08:17:19 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
cc: linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ux.vnet.ibm.com>
Subject: [GIT PULL] integrity: fixup for new struct public_key_signature
encoding field
Hi Linus,
Please pull this fix for a bug introduced with '82f94f24475c ("KEYS:
Provide software public key query function [ver #2]")'.
The following changes since commit ccda4af0f4b92f7b4c308d3acc262f4a7e3affad:
Linux 4.20-rc2 (2018-11-11 17:12:31 -0600)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v4.20-rc3
for you to fetch changes up to fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca:
integrity: support new struct public_key_signature encoding field (2018-11-13 13:09:56 -0800)
----------------------------------------------------------------
Mimi Zohar (1):
integrity: support new struct public_key_signature encoding field
security/integrity/digsig_asymmetric.c | 1 +
1 file changed, 1 insertion(+)
---
commit fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca
Author: Mimi Zohar <zohar@...ux.ibm.com>
Date: Fri Nov 9 00:53:40 2018 -0500
integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima). Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.
Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change. This patch updates the integrity asymmetric_verify()
caller.
Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
Cc: David Howells <dhowells@...hat.com>
Acked-by: Denis Kenzior <denkenz@...il.com>
Signed-off-by: James Morris <james.morris@...rosoft.com>
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 6dc075144508..d775e03fbbcc 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pks.pkey_algo = "rsa";
pks.hash_algo = hash_algo_name[hdr->hash_algo];
+ pks.encoding = "pkcs1";
pks.digest = (u8 *)data;
pks.digest_size = datalen;
pks.s = hdr->sig;
Powered by blists - more mailing lists