summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.ibm.com>2018-11-09 00:53:40 -0500
committerMimi Zohar <zohar@linux.ibm.com>2018-11-13 07:37:42 -0500
commit59637d5e1693451b03d2979ffbe9d40423ef05d7 (patch)
tree30f8596dd886f5ce918fdcc57b4d3b6b42fa4896 /security/integrity
parent26b76320a8a550472bbb8f42257df83fcb8d8df6 (diff)
downloadlinux-59637d5e1693451b03d2979ffbe9d40423ef05d7.tar.bz2
integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file signatures, the "good" signature values are stored on the filesystem as extended attributes (security.ima). Signature verification failure would normally be limited to just a particular file (eg. executable), but during boot signature verification failure could result in a system hang. Defining and requiring a new public_key_signature field requires all callers of asymmetric signature verification to be updated to reflect the change. This patch updates the integrity asymmetric_verify() caller. Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Cc: David Howells <dhowells@redhat.com> Acked-by: Denis Kenzior <denkenz@gmail.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/digsig_asymmetric.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 6dc075144508..d775e03fbbcc 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pks.pkey_algo = "rsa";
pks.hash_algo = hash_algo_name[hdr->hash_algo];
+ pks.encoding = "pkcs1";
pks.digest = (u8 *)data;
pks.digest_size = datalen;
pks.s = hdr->sig;