On 12/14/2015 05:24 AM, Mimi Zohar wrote: > On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote: >> Convert asymmetric_verify to akcipher api. >> >> Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com> >> --- >> security/integrity/Kconfig | 1 + >> security/integrity/digsig_asymmetric.c | 10 +++------- >> 2 files changed, 4 insertions(+), 7 deletions(-) >> >> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig >> index 73c457b..f0b2463 100644 >> --- a/security/integrity/Kconfig >> +++ b/security/integrity/Kconfig >> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS >> select ASYMMETRIC_KEY_TYPE >> select ASYMMETRIC_PUBLIC_KEY_SUBTYPE >> select PUBLIC_KEY_ALGO_RSA >> + select CRYPTO_RSA >> select X509_CERTIFICATE_PARSER >> help >> This option enables digital signature verification using >> diff --git a/security/integrity/digsig_asymmetric.c >> b/security/integrity/digsig_asymmetric.c >> index 4fec181..5629372 100644 >> --- a/security/integrity/digsig_asymmetric.c >> +++ b/security/integrity/digsig_asymmetric.c >> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char >> *sig, >> pks.pkey_hash_algo = hdr->hash_algo; >> pks.digest = (u8 *)data; >> pks.digest_size = datalen; >> - pks.nr_mpi = 1; >> - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); >> - >> - if (pks.rsa.s) >> - ret = verify_signature(key, &pks); >> - >> - mpi_free(pks.rsa.s); >> + pks.s = hdr->sig; > > Thanks! With this change, my system is now able to boot. > Thanks Mimi.
David, do you have any comments to this patch set? If not could you ACK please. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
