On Wed, Feb 02, 2022 at 07:55:43AM -0500, Stefan Berger wrote:
>
> On 2/2/22 01:59, Vitaly Chikunov wrote:
> > Rarely used `keyctl pkey_verify' can verify raw signatures, but was
> > failing, because ECDSA/EC-RDSA signature sizes are twice key sizes which
> > does not pass in/out sizes check in keyctl_pkey_params_get_2.
> > This in turn because these values cannot be distinguished by a single
> > `max_size' callback return value.
> > Also, `keyctl pkey_query` displays incorrect `max_sig_size' about these
> > algorithms.
> >
> > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
>
> How do you use pkey_query?
>
> $ keyctl padd asymmetric testkey %keyring:test < cert.der
> 385037223
> $ keyctl pkey_query 385037223 ''
> Password passing is not yet supported
> $ keyctl pkey_query 385037223
> Format:
> keyctl --version
> keyctl add <type> <desc> <data> <keyring>
> [...]
>
> $ keyctl unlink 385037223
> 1 links removed

A keyctl transcript of the failing case would be a really educating
addition to the commit message (low-barrier to test this patch).

BR, Jarkko