From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756170AbcBXGA1 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 24 Feb 2016 01:00:27 -0500
Received: from e23smtp07.au.ibm.com ([202.81.31.140]:48153 "EHLO
	e23smtp07.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750996AbcBXGAZ (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 24 Feb 2016 01:00:25 -0500
X-IBM-Helo: d23dlp01.au.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: keyrings@vger.kernel.org;linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org
Message-ID: <1456293568.2887.2.camel@linux.vnet.ibm.com>
Subject: Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto
 layer
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, tadeusz.struk@intel.com
Date: Wed, 24 Feb 2016 00:59:28 -0500
In-Reply-To: <1456290244.2651.10.camel@linux.vnet.ibm.com>
References: <20160219171806.17223.91381.stgit@warthog.procyon.org.uk>
	 <20160219171836.17223.9507.stgit@warthog.procyon.org.uk>
	 <1456290244.2651.10.camel@linux.vnet.ibm.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16022406-0025-0000-0000-00000303DD60
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2016-02-24 at 00:04 -0500, Mimi Zohar wrote:
> On Fri, 2016-02-19 at 17:18 +0000, David Howells wrote:
> 
> >  /*
> >   * Verify a signature using a public key.
> >   */
> >  int public_key_verify_signature(const struct public_key *pkey,
> >  				const struct public_key_signature *sig)
> >  {
> > +	struct public_key_completion compl;
> > +	struct crypto_akcipher *tfm;
> > +	struct akcipher_request *req;
> > +	struct scatterlist sig_sg, digest_sg;
> > +	int ret = -ENOMEM;
> > +
> > +	pr_devel("==>%s()\n", __func__);
> > +
> >  	BUG_ON(!pkey);
> >  	BUG_ON(!sig);
> >  	BUG_ON(!sig->digest);
> >  	BUG_ON(!sig->s);
> > 
> > -	if (pkey->pkey_algo >= PKEY_ALGO__LAST)
> > -		return -ENOPKG;
> > +	tfm = crypto_alloc_akcipher(pkey_algo_name[sig->pkey_algo], 0, 0);
> > +	if (IS_ERR(tfm))
> > +		return PTR_ERR(tfm);
> 
> IMA fails here.

Please include the following fix in this patch.

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 2fa3bc6..69a92e6 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -103,6 +103,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 
 	memset(&pks, 0, sizeof(pks));
 
+	pks.pkey_algo = PKEY_ALGO_RSA;
 	pks.pkey_hash_algo = hdr->hash_algo;
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
-- 
2.1.0