Re: [PATCH ima-evm-utils v7] ima-evm-utils: Support SM2/3 algorithm for sign and verify
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-07-21 18:02:51
Hi Tianjia, On Wed, 2021-07-21 at 11:16 +0800, Tianjia Zhang wrote:
Keep in sync with the kernel IMA, IMA signature tool supports SM2/3 algorithm combination. Because in the current version of OpenSSL 1.1.1, the SM2 algorithm and the public key using the EC algorithm share the same ID 'EVP_PKEY_EC', and the specific algorithm can only be distinguished by the curve name used. This patch supports this feature. Secondly, the openssl 1.1.1 tool does not fully support the signature of SM2/3 algorithm combination, so the openssl3 tool is used in the test case, and there is no this problem with directly calling the openssl 1.1.1 API in evmctl. Signed-off-by: Tianjia Zhang <redacted>
Other than the change noted below in .travis.yml, it's fine. It's now queued in next-testing.
---
quoted hunk ↗ jump to hunk
diff --git a/.travis.yml b/.travis.yml index 7a76273..ab030e5 100644 --- a/.travis.yml +++ b/.travis.yml@@ -9,7 +9,7 @@ matrix: include: # 32 bit build - os: linux - env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss + env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss COMPILE_SSL: openssl-3.0.0-beta1
"COMPILE_SSL: openssl-3.0.0-beta1" -> "COMPILE_SSL=openssl-3.0.0- beta1" thanks, Mimi
quoted hunk ↗ jump to hunk
compiler: gcc # cross compilation builds@@ -32,7 +32,7 @@ matrix: # glibc (gcc/clang) - os: linux - env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" + env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" COMPILE_SSL: openssl-3.0.0-beta1 compiler: clang - os: linux@@ -40,7 +40,7 @@ matrix: compiler: gcc - os: linux - env: DISTRO=ubuntu:groovy TSS=ibmtss + env: DISTRO=ubuntu:groovy TSS=ibmtss COMPILE_SSL: openssl-3.0.0-beta1 compiler: gcc - os: linux