dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 06:33:36 +02:00
Code Releases Activity

ima-evm-utils: Remove not needed argument from verify_hash_v2

Browse Source 
Since we now always call verify_hash_v2() with NULL keyfile (assuming
all keys are already loaded into public_keys list), remove keyfile
argument and its handling from verify_hash_v2().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
[zohar@linux.ibm.com: make verify_hash_v1() and verify_hash_v2() static.]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov 2019-07-19 00:35:09 +03:00 committed by Mimi Zohar
parent 3359563dbe
commit 42d1636f52
1 changed files with 10 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/libimaevm.c
View File

@ -351,7 +351,7 @@ RSA *read_pub_key(const char *keyfile, int x509)
return key; return key;
} }
int verify_hash_v1(const char *file, const unsigned char *hash, int size, static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen, const char *keyfile) unsigned char *sig, int siglen, const char *keyfile)
{ {
int err, len; int err, len;
@ -452,8 +452,8 @@ void init_public_keys(const char *keyfiles)
/* /*
* Return: 0 verification good, 1 verification bad, -1 error. * Return: 0 verification good, 1 verification bad, -1 error.
*/ */
int verify_hash_v2(const char *file, const unsigned char *hash, int size, static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
unsigned char *sig, int siglen, const char *keyfile) unsigned char *sig, int siglen)
{ {
int ret = -1; int ret = -1;
EVP_PKEY *pkey, *pkey_free = NULL; EVP_PKEY *pkey, *pkey_free = NULL;
@ -467,21 +467,14 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
log_dump(hash, size); log_dump(hash, size);
} }
if (public_keys) { pkey = find_keyid(hdr->keyid);
if (!pkey) {
uint32_t keyid = hdr->keyid; uint32_t keyid = hdr->keyid;
pkey = find_keyid(keyid);
if (!pkey) {
log_err("%s: unknown keyid: %x\n", file, log_err("%s: unknown keyid: %x\n", file,
__be32_to_cpup(&keyid)); __be32_to_cpup(&keyid));
return -1; return -1;
} }
} else {
pkey = read_pub_pkey(keyfile, 1);
if (!pkey)
return -1;
pkey_free = pkey;
}
st = "EVP_PKEY_CTX_new"; st = "EVP_PKEY_CTX_new";
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
@ -581,7 +574,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
key = "/etc/keys/pubkey_evm.pem"; key = "/etc/keys/pubkey_evm.pem";
return verify_hash_v1(file, hash, size, sig, siglen, key); return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) { } else if (sig[0] == DIGSIG_VERSION_2) {
return verify_hash_v2(file, hash, size, sig, siglen, NULL); return verify_hash_v2(file, hash, size, sig, siglen);
} else } else
return -1; return -1;
} }