Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5884702imu;
        Tue, 13 Nov 2018 13:18:11 -0800 (PST)
X-Google-Smtp-Source: AJdET5ciMhMpHjTcpzetDyWTQCUBzveaplNgUFu5V75465b28oYYkZj1uxfcMurEMsbvxBFiI6EJ
X-Received: by 2002:a63:5f95:: with SMTP id t143mr6320395pgb.395.1542143891754;
        Tue, 13 Nov 2018 13:18:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542143891; cv=none;
        d=google.com; s=arc-20160816;
        b=EIPnR08F+9xlc436SCfha1U3U/nracbGJHAz2kXl13zvekw9T5uIXb4kwBF91iWunn
         9Ge4locg/BTujGQuGZHJGGxFIwzVyAy7wEO0AlC8RE0ZpAFW/Qzdfbpa6nN7qus+V2xJ
         oX23MbQNBMpwwhZvm6z0cbQDPxoZuogypRCOfpIvIcHkmBVf/fkolS1uDstB5/sT2V9V
         /ohcnwz94cPp9ZlaB/tvdzyC6BTY23IlghgUph4xFNKDAFLFrzE7+tXLYg4s0iflZNo3
         rS8M0iqgGn4c6s62100o03/IsXnh3/oB27SNoj+CWT8uPRJRKKOM5AE/MUIuYIWC1DoS
         LVnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:message-id
         :subject:cc:to:from:date;
        bh=7JSVnp3xoWBurrxrSDYuxgFLqmwSHfkusGEWb2DJ+yo=;
        b=UE9yB28HT3oi48OHVwc6PrpLBVfTz91gE6bqW2AClMkcdyRdHDescJY0UKpFw03g8O
         UIyfgieG67muUt6QRgwRu0szxpPE7CG3ZbDHtWviJ6tZtCbedVScbdu6nKPrnI9IOmUk
         puFJ/xF+0s1eC+a3uyCGmcnVc/BaiH0VTdaP0Kh7prXoyv0AGP07uz+YAj3vc3JmwfOY
         +ptYTYcV3u0G9sC1OfXEP5OEFKQ6fgkhhFvcjuLBRixkcsrmhCpoG4z6TQ4+USwfQvBp
         w0linatZzA2+nJDnZ69pnjCK+MVNHKBcJA27BKh7Yn1njSPjBeFegRfkRLjSbvLrEo6g
         5M1g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y15-v6si9362147pfc.183.2018.11.13.13.17.51;
        Tue, 13 Nov 2018 13:18:11 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727005AbeKNHRU (ORCPT <rfc822;chauncqc@gmail.com> + 99 others);
        Wed, 14 Nov 2018 02:17:20 -0500
Received: from namei.org ([65.99.196.166]:53100 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725748AbeKNHRU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Nov 2018 02:17:20 -0500
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id wADLHJCR015343;
        Tue, 13 Nov 2018 21:17:20 GMT
Date:   Wed, 14 Nov 2018 08:17:19 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     Linus Torvalds <torvalds@linux-foundation.org>
cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: [GIT PULL] integrity: fixup for new struct public_key_signature
 encoding field
Message-ID: <alpine.LRH.2.21.1811140813530.15226@namei.org>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Linus,

Please pull this fix for a bug introduced with '82f94f24475c ("KEYS: 
Provide software public key query function [ver #2]")'.


The following changes since commit ccda4af0f4b92f7b4c308d3acc262f4a7e3affad:

  Linux 4.20-rc2 (2018-11-11 17:12:31 -0600)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v4.20-rc3

for you to fetch changes up to fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca:

  integrity: support new struct public_key_signature encoding field (2018-11-13 13:09:56 -0800)

----------------------------------------------------------------
Mimi Zohar (1):
      integrity: support new struct public_key_signature encoding field

 security/integrity/digsig_asymmetric.c | 1 +
 1 file changed, 1 insertion(+)

---
commit fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca
Author: Mimi Zohar <zohar@linux.ibm.com>
Date:   Fri Nov 9 00:53:40 2018 -0500

    integrity: support new struct public_key_signature encoding field
    
    On systems with IMA-appraisal enabled with a policy requiring file
    signatures, the "good" signature values are stored on the filesystem as
    extended attributes (security.ima).  Signature verification failure
    would normally be limited to just a particular file (eg. executable),
    but during boot signature verification failure could result in a system
    hang.
    
    Defining and requiring a new public_key_signature field requires all
    callers of asymmetric signature verification to be updated to reflect
    the change.  This patch updates the integrity asymmetric_verify()
    caller.
    
    Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
    Cc: David Howells <dhowells@redhat.com>
    Acked-by: Denis Kenzior <denkenz@gmail.com>
    Signed-off-by: James Morris <james.morris@microsoft.com>

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 6dc075144508..d775e03fbbcc 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -106,6 +106,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 
 	pks.pkey_algo = "rsa";
 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
+	pks.encoding = "pkcs1";
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
 	pks.s = hdr->sig;