Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 536

kernel-2.6.18-238.el5.src.rpm

From: Jarod Wilson <jarod@redhat.com>
Date: Wed, 5 Nov 2008 15:28:51 -0500
Subject: [crypto] export DSA_verify as a gpl symbol
Message-id: 200811051528.51210.jarod@redhat.com
O-Subject: [RHEL5.4 PATCH] crypto: export DSA_verify as a gpl symbol
Bugzilla: 470111
RH-Acked-by: Mikulas Patocka <mpatocka@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>
RH-Acked-by: Neil Horman <nhorman@redhat.com>

Bug #470111: FIPS certification requires exporting DSA_verify function
https://bugzilla.redhat.com/show_bug.cgi?id=470111

Description
-----------
In order to pass FIPS CAVS testing and rely upon our kernel module signing infrastructure, we need to be able to
certify our DSA verification implementation in the kernel. To do so, the DSA_verify function needs to be exported, so
that the test infrastructure bits can use it.

Test Status
-----------
With this export, the testing bits that currently reside here...

http://git.engineering.redhat.com/?p=users/jwilson/fips-cavs-kernel-test.git;a=summary

...are now able to pass in FIPS CAVS dsa signature verification test vectors and return pass/fail results.

Upstream Status
---------------
Um, yeah. This is a patch to our not-upstream kernel module signing patches, so not applicable. Although it begs the
question... Are we going to forward-port the module signing patches for RHEL6? And/or try (again) to get them
upstream?

Anyhow, its all GPL code, and nobody else is actually using it, so I went with EXPORT_SYMBOL_GPL over non-GPL.

Please ACK.

diff --git a/crypto/signature/dsa.c b/crypto/signature/dsa.c
index 5b5c736..bd5e954 100644
--- a/crypto/signature/dsa.c
+++ b/crypto/signature/dsa.c
@@ -96,3 +96,4 @@ int DSA_verify(const MPI datahash, const MPI sig[], const MPI pkey[])
 	mpi_free(v);
 	return rc;
 } /* end DSA_verify() */
+EXPORT_SYMBOL_GPL(DSA_verify);