Re: [RFC PATCH] KEYS: Double max_size to make keyctl pkey_verify work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 2/2/22 01:59, Vitaly Chikunov wrote:
Rarely used `keyctl pkey_verify' can verify raw signatures, but was
failing, because ECDSA/EC-RDSA signature sizes are twice key sizes which
does not pass in/out sizes check in keyctl_pkey_params_get_2.
This in turn because these values cannot be distinguished by a single
`max_size' callback return value.
Also, `keyctl pkey_query` displays incorrect `max_sig_size' about these
algorithms.

Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>

How do you use pkey_query?

$ keyctl padd asymmetric testkey %keyring:test < cert.der
385037223
$ keyctl pkey_query 385037223 ''
Password passing is not yet supported
$ keyctl pkey_query 385037223
Format:
  keyctl --version
  keyctl add <type> <desc> <data> <keyring>
[...]

$ keyctl unlink 385037223
1 links removed





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux