Commit fd35f192 authored by Mimi Zohar's avatar Mimi Zohar Committed by James Morris
Browse files

integrity: support new struct public_key_signature encoding field

On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima).  Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system

Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change.  This patch updates the integrity asymmetric_verify()

Fixes: 82f94f24

 ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: default avatarMimi Zohar <>
Cc: David Howells <>
Acked-by: default avatarDenis Kenzior <>
Signed-off-by: default avatarJames Morris <>
parent ccda4af0
......@@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pks.pkey_algo = "rsa";
pks.hash_algo = hash_algo_name[hdr->hash_algo];
pks.encoding = "pkcs1";
pks.digest = (u8 *)data;
pks.digest_size = datalen;
pks.s = hdr->sig;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment