dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-07-01 21:31:14 +02:00
Code Releases Activity

Read keyid from the cert appended to the key file

Browse Source 
Allow to have certificate appended to the private key of `--key'
specified (PEM) file (for v2 signing) to facilitate reading of keyid
from the associated cert. This will allow users to have private and
public key as a single file and avoid the need of manually specifying
keyid. There is no check that public key form the cert matches
associated private key.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov
2021-07-16 18:16:02 +03:00
committed by Mimi Zohar
parent 0e7a00e26b
commit 40621b2259
4 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/libimaevm.c
View File

@ -976,8 +976,12 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
if (imaevm_params.keyid)
keyid = htonl(imaevm_params.keyid);
else
calc_keyid_v2(&keyid, name, pkey);
else {
int keyid_read_failed = read_keyid_from_cert(&keyid, keyfile, false);
if (keyid_read_failed)
calc_keyid_v2(&keyid, name, pkey);
}
hdr->keyid = keyid;
st = "EVP_PKEY_CTX_new";