• Mimi Zohar's avatar
    integrity: support new struct public_key_signature encoding field · 59637d5e
    Mimi Zohar authored
    On systems with IMA-appraisal enabled with a policy requiring file
    signatures, the "good" signature values are stored on the filesystem as
    extended attributes (security.ima).  Signature verification failure
    would normally be limited to just a particular file (eg. executable),
    but during boot signature verification failure could result in a system
    hang.
    
    Defining and requiring a new public_key_signature field requires all
    callers of asymmetric signature verification to be updated to reflect
    the change.  This patch updates the integrity asymmetric_verify()
    caller.
    
    Fixes: 82f94f24 ("KEYS: Provide software public key query function [ver #2]")
    Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    Cc: David Howells <dhowells@redhat.com>
    Acked-by: default avatarDenis Kenzior <denkenz@gmail.com>
    59637d5e
digsig_asymmetric.c 3.43 KB