From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
To: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
Vitaly Chikunov <vt@altlinux.org>,
Stefan Berger <stefanb@linux.ibm.com>,
linux-integrity@vger.kernel.org,
Jia Zhang <zhang.jia@linux.alibaba.com>,
"YiLin . Li" <YiLin.Li@linux.alibaba.com>
Subject: Re: [PATCH ima-evm-utils v7] ima-evm-utils: Support SM2/3 algorithm for sign and verify
Date: Thu, 22 Jul 2021 10:09:09 +0800 [thread overview]
Message-ID: <2e064a17-ed77-10a2-3d4c-03665b921a64@linux.alibaba.com> (raw)
In-Reply-To: <090dad3a30d709e6fbc9d20a4d283d68e27e1620.camel@linux.ibm.com>
Hi Mimi,
On 7/22/21 2:02 AM, Mimi Zohar wrote:
> Hi Tianjia,
>
> On Wed, 2021-07-21 at 11:16 +0800, Tianjia Zhang wrote:
>> Keep in sync with the kernel IMA, IMA signature tool supports SM2/3
>> algorithm combination. Because in the current version of OpenSSL 1.1.1,
>> the SM2 algorithm and the public key using the EC algorithm share the
>> same ID 'EVP_PKEY_EC', and the specific algorithm can only be
>> distinguished by the curve name used. This patch supports this feature.
>>
>> Secondly, the openssl 1.1.1 tool does not fully support the signature
>> of SM2/3 algorithm combination, so the openssl3 tool is used in the
>> test case, and there is no this problem with directly calling the
>> openssl 1.1.1 API in evmctl.
>>
>> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
>
> Other than the change noted below in .travis.yml, it's fine. It's now
> queued in next-testing.
>
>> ---
>
>> diff --git a/.travis.yml b/.travis.yml
>> index 7a76273..ab030e5 100644
>> --- a/.travis.yml
>> +++ b/.travis.yml
>> @@ -9,7 +9,7 @@ matrix:
>> include:
>> # 32 bit build
>> - os: linux
>> - env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
>> + env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss COMPILE_SSL: openssl-3.0.0-beta1
>
>
> "COMPILE_SSL: openssl-3.0.0-beta1" -> "COMPILE_SSL=openssl-3.0.0-
> beta1"
>
> thanks,
>
> Mimi
>
I was careless, thanks for the change.
Best regards,
Tianjia
>> compiler: gcc
>>
>> # cross compilation builds
>> @@ -32,7 +32,7 @@ matrix:
>>
>> # glibc (gcc/clang)
>> - os: linux
>> - env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host"
>> + env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" COMPILE_SSL: openssl-3.0.0-beta1
>> compiler: clang
>>
>> - os: linux
>> @@ -40,7 +40,7 @@ matrix:
>> compiler: gcc
>>
>> - os: linux
>> - env: DISTRO=ubuntu:groovy TSS=ibmtss
>> + env: DISTRO=ubuntu:groovy TSS=ibmtss COMPILE_SSL: openssl-3.0.0-beta1
>> compiler: gcc
>>
>> - os: linux
>>
>
prev parent reply other threads:[~2021-07-22 2:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-21 3:16 [PATCH ima-evm-utils v7] ima-evm-utils: Support SM2/3 algorithm for sign and verify Tianjia Zhang
2021-07-21 15:35 ` Petr Vorel
2021-07-21 18:02 ` Mimi Zohar
2021-07-22 2:09 ` Tianjia Zhang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e064a17-ed77-10a2-3d4c-03665b921a64@linux.alibaba.com \
--to=tianjia.zhang@linux.alibaba.com \
--cc=YiLin.Li@linux.alibaba.com \
--cc=linux-integrity@vger.kernel.org \
--cc=pvorel@suse.cz \
--cc=stefanb@linux.ibm.com \
--cc=vt@altlinux.org \
--cc=zhang.jia@linux.alibaba.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.