From: Roberto Sassu
Subject: [RFC][PATCH v3a 08/11] fsverity: Completely disable signature verification if not requested
Date: Thu, 27 Jan 2022 19:46:12 +0100
Message-ID: <20220127184614.2837938-4-roberto.sassu@huawei.com>
In-Reply-To: <20220127184614.2837938-1-roberto.sassu@huawei.com>

Currently, fsverity verifies the signature, if supplied, regardless of whether signature verification is requested or not.

Completely disable signature verification, if not requested, so that other users of fsverity can do their own verification without relying on the fsverity-specific verification to work.

Signed-off-by: Roberto Sassu

--- fs/verity/signature.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/verity/signature.c b/fs/verity/signature.c index 143a530a8008..b45a2cea6c59 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -45,13 +45,13 @@ int fsverity_verify_signature(const struct fsverity_info *vi, struct fsverity_formatted_digest *d; int err; - if (sig_size == 0) { - if (fsverity_require_signatures) { - fsverity_err(inode, - "require_signatures=1, rejecting unsigned file!"); - return -EPERM; - } + if (!fsverity_require_signatures) return 0; + + if (sig_size == 0) { + fsverity_err(inode, + "require_signatures=1, rejecting unsigned file!"); + return -EPERM; } d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL); -- 2.32.0
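Review bot: The new early return `if (!fsverity_require_signatures) return 0;` at the top of the hunk is taken before `sig_size` is looked at, so with require_signatures=0 a file that carries a malformed or untrusted signature now gets 0 back from fsverity_verify_signature(), where the removed code returned early only for `sig_size == 0` and otherwise fell through to the rest of the function. That is a user-visible change for any setup that leaves require_signatures at 0 but still supplies signatures and expects a bad one to be rejected; the commit message should say so explicitly, and any documentation of the require_signatures setting should be updated in the same patch. A return value of 0 now covers both "signature verified" and "signature present but never checked", so please add a comment above the early return stating that a supplied signature is deliberately ignored in this mode, and consider whether the other fsverity users mentioned in the commit message need a way to tell the two cases apart.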