+3 -2

security/integrity/digsig.c

reviewed

··· 44 44 } 45 45 } 46 46 47 47 - switch (sig[0]) { 47 47 + switch (sig[1]) { 48 48 case 1: 49 49 - return digsig_verify(keyring[id], sig, siglen, 49 49 + /* v1 API expect signature without xattr type */ 50 50 + return digsig_verify(keyring[id], sig + 1, siglen - 1, 50 51 digest, digestlen); 51 52 case 2: 52 53 return asymmetric_verify(keyring[id], sig, siglen,

+2 -2

security/integrity/evm/evm_main.c

reviewed

··· 123 123 goto out; 124 124 } 125 125 126 126 - xattr_len = rc - 1; 126 126 + xattr_len = rc; 127 127 128 128 /* check value type */ 129 129 switch (xattr_data->type) { ··· 143 143 if (rc) 144 144 break; 145 145 rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM, 146 146 - xattr_data->digest, xattr_len, 146 146 + (const char *)xattr_data, xattr_len, 147 147 calc.digest, sizeof(calc.digest)); 148 148 if (!rc) { 149 149 /* we probably want to replace rsa with hmac here */

+1 -1

security/integrity/ima/ima_appraise.c

reviewed

··· 205 205 case EVM_IMA_XATTR_DIGSIG: 206 206 iint->flags |= IMA_DIGSIG; 207 207 rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, 208 208 - xattr_value->digest, rc - 1, 208 208 + (const char *)xattr_value, rc, 209 209 iint->ima_hash.digest, 210 210 iint->ima_hash.length); 211 211 if (rc == -EOPNOTSUPP) {

+1

security/integrity/integrity.h

reviewed

··· 74 74 * signature format v2 - for using with asymmetric keys 75 75 */ 76 76 struct signature_v2_hdr { 77 77 + uint8_t type; /* xattr type */ 77 78 uint8_t version; /* signature format version */ 78 79 uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */ 79 80 uint32_t keyid; /* IMA key identifier - not X509/PGP specific */