On 2/2/22 01:59, Vitaly Chikunov wrote:
Rarely used `keyctl pkey_verify' can verify raw signatures, but was failing, because ECDSA/EC-RDSA signature sizes are twice key sizes which does not pass in/out sizes check in keyctl_pkey_params_get_2. This in turn because these values cannot be distinguished by a single `max_size' callback return value.

Also, `keyctl pkey_query` displays incorrect `max_sig_size' about these algorithms.

Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>

How do you use pkey_query?

$ keyctl padd asymmetric testkey %keyring:test < cert.der
385037223
$ keyctl pkey_query 385037223 ''
Password passing is not yet supported
$ keyctl pkey_query 385037223
Format:
keyctl --version
keyctl add <type> <desc> <data> <keyring>
[...]
$ keyctl unlink 385037223
1 links removed