diff mbox series

[GIT,PULL] integrity: fixup for new struct public_key_signature encoding field

Message ID alpine.LRH.2.21.1811140813530.15226@namei.org (mailing list archive)
State New, archived
Headers show
Series [GIT,PULL] integrity: fixup for new struct public_key_signature encoding field | expand

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v4.20-rc3

Commit Message

James Morris Nov. 13, 2018, 9:17 p.m. UTC 
Hi Linus,

Please pull this fix for a bug introduced with '82f94f24475c ("KEYS: 
Provide software public key query function [ver #2]")'.


The following changes since commit ccda4af0f4b92f7b4c308d3acc262f4a7e3affad:

  Linux 4.20-rc2 (2018-11-11 17:12:31 -0600)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v4.20-rc3

for you to fetch changes up to fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca:

  integrity: support new struct public_key_signature encoding field (2018-11-13 13:09:56 -0800)

----------------------------------------------------------------
Mimi Zohar (1):
      integrity: support new struct public_key_signature encoding field

 security/integrity/digsig_asymmetric.c | 1 +
 1 file changed, 1 insertion(+)

---
commit fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca
Author: Mimi Zohar <zohar@linux.ibm.com>
Date:   Fri Nov 9 00:53:40 2018 -0500

    integrity: support new struct public_key_signature encoding field
    
    On systems with IMA-appraisal enabled with a policy requiring file
    signatures, the "good" signature values are stored on the filesystem as
    extended attributes (security.ima).  Signature verification failure
    would normally be limited to just a particular file (eg. executable),
    but during boot signature verification failure could result in a system
    hang.
    
    Defining and requiring a new public_key_signature field requires all
    callers of asymmetric signature verification to be updated to reflect
    the change.  This patch updates the integrity asymmetric_verify()
    caller.
    
    Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
    Cc: David Howells <dhowells@redhat.com>
    Acked-by: Denis Kenzior <denkenz@gmail.com>
    Signed-off-by: James Morris <james.morris@microsoft.com>

Comments

pr-tracker-bot@kernel.org Nov. 14, 2018, 11:20 p.m. UTC | #1 
The pull request you sent on Wed, 14 Nov 2018 08:17:19 +1100 (AEDT):

> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v4.20-rc3

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/e4c4b0e45dfd1212831ad5bd129c6781d55e162a

Thank you!
diff mbox series

Patch

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 6dc075144508..d775e03fbbcc 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -106,6 +106,7 @@  int asymmetric_verify(struct key *keyring, const char *sig,
 
 	pks.pkey_algo = "rsa";
 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
+	pks.encoding = "pkcs1";
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
 	pks.s = hdr->sig;