integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima). Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.
Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change. This patch updates the integrity asymmetric_verify()
caller.
Fixes: 82f94f2447
("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
This commit is contained in:
parent
ccda4af0f4
commit
fd35f192e4
|
@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
|
|||
|
||||
pks.pkey_algo = "rsa";
|
||||
pks.hash_algo = hash_algo_name[hdr->hash_algo];
|
||||
pks.encoding = "pkcs1";
|
||||
pks.digest = (u8 *)data;
|
||||
pks.digest_size = datalen;
|
||||
pks.s = hdr->sig;
|
||||
|
|
Loading…
Reference in New Issue