dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00
Code Releases Activity

ima-evm-utils: Remove not needed argument from verify_hash_v2

Browse Source 
Since we now always call verify_hash_v2() with NULL keyfile (assuming
all keys are already loaded into public_keys list), remove keyfile
argument and its handling from verify_hash_v2().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
[zohar@linux.ibm.com: make verify_hash_v1() and verify_hash_v2() static.]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov 2019-07-19 00:35:09 +03:00 committed by Mimi Zohar
parent 3359563dbe
commit 42d1636f52
1 changed files with 10 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/libimaevm.c
View File

@ -351,8 +351,8 @@ RSA *read_pub_key(const char *keyfile, int x509)
return key;
}
int verify_hash_v1(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen, const char *keyfile)
static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen, const char *keyfile)
{
int err, len;
SHA_CTX ctx;
@ -452,8 +452,8 @@ void init_public_keys(const char *keyfiles)
/*
* Return: 0 verification good, 1 verification bad, -1 error.
*/
int verify_hash_v2(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen, const char *keyfile)
static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen)
{
int ret = -1;
EVP_PKEY *pkey, *pkey_free = NULL;
@ -467,20 +467,13 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
log_dump(hash, size);
}
if (public_keys) {
pkey = find_keyid(hdr->keyid);
if (!pkey) {
uint32_t keyid = hdr->keyid;
pkey = find_keyid(keyid);
if (!pkey) {
log_err("%s: unknown keyid: %x\n", file,
__be32_to_cpup(&keyid));
return -1;
}
} else {
pkey = read_pub_pkey(keyfile, 1);
if (!pkey)
return -1;
pkey_free = pkey;
log_err("%s: unknown keyid: %x\n", file,
__be32_to_cpup(&keyid));
return -1;
}
st = "EVP_PKEY_CTX_new";
@ -581,7 +574,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
key = "/etc/keys/pubkey_evm.pem";
return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) {
return verify_hash_v2(file, hash, size, sig, siglen, NULL);
return verify_hash_v2(file, hash, size, sig, siglen);
} else
return -1;
}