dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 06:33:36 +02:00
Code Releases Activity

ima-evm-utils: Namespace some too generic object names

Browse Source 
Prefix `dump', `do_dump', and `params' with `imaevm_' to avoid colliding
with other global symbols.
Also, rename `libevm_' to `libimaevm_`, only used with `params'.
Additionally, rename `dump' into `hexdump'.
Finally, rename `get_hash_algo' to `imaevm_get_hash_algo' as suggested by
Mimi Zohar.

Lines that became too long are split, indent corrected. No code changes.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov 2019-07-25 17:11:14 +03:00 committed by Mimi Zohar
parent a1b149bda4
commit c317d4618f
3 changed files with 89 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
src/evmctl.c
View File

@ -403,9 +403,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
return -1; return -1;
} }
md = EVP_get_digestbyname(params.hash_algo); md = EVP_get_digestbyname(imaevm_params.hash_algo);
if (!md) { if (!md) {
log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); log_err("EVP_get_digestbyname(%s) failed\n",
imaevm_params.hash_algo);
return 1; return 1;
} }
@ -549,7 +550,7 @@ static int sign_evm(const char *file, const char *key)
return len; return len;
assert(len <= sizeof(hash)); assert(len <= sizeof(hash));
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1); len = sign_hash(imaevm_params.hash_algo, hash, len, key, NULL, sig + 1);
if (len <= 1) if (len <= 1)
return len; return len;
assert(len < sizeof(sig)); assert(len < sizeof(sig));
@ -564,8 +565,8 @@ static int sign_evm(const char *file, const char *key)
if (evm_immutable) if (evm_immutable)
sig[1] = 3; /* immutable signature version */ sig[1] = 3; /* immutable signature version */
if (sigdump || params.verbose >= LOG_INFO) if (sigdump || imaevm_params.verbose >= LOG_INFO)
dump(sig, len); imaevm_hexdump(sig, len);
if (xattr) { if (xattr) {
err = lsetxattr(file, xattr_evm, sig, len, 0); err = lsetxattr(file, xattr_evm, sig, len, 0);
@ -582,10 +583,10 @@ static int hash_ima(const char *file)
{ {
unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */ unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */
int len, err, offset; int len, err, offset;
int algo = get_hash_algo(params.hash_algo); int algo = imaevm_get_hash_algo(imaevm_params.hash_algo);
if (algo < 0) { if (algo < 0) {
log_err("Unknown hash algo: %s\n", params.hash_algo); log_err("Unknown hash algo: %s\n", imaevm_params.hash_algo);
return -1; return -1;
} }
if (algo > PKEY_HASH_SHA1) { if (algo > PKEY_HASH_SHA1) {
@ -604,11 +605,11 @@ static int hash_ima(const char *file)
len += offset; len += offset;
if (params.verbose >= LOG_INFO) if (imaevm_params.verbose >= LOG_INFO)
log_info("hash(%s): ", params.hash_algo); log_info("hash(%s): ", imaevm_params.hash_algo);
if (sigdump || params.verbose >= LOG_INFO) if (sigdump || imaevm_params.verbose >= LOG_INFO)
dump(hash, len); imaevm_hexdump(hash, len);
if (xattr) { if (xattr) {
err = lsetxattr(file, xattr_ima, hash, len, 0); err = lsetxattr(file, xattr_ima, hash, len, 0);
@ -632,7 +633,7 @@ static int sign_ima(const char *file, const char *key)
return len; return len;
assert(len <= sizeof(hash)); assert(len <= sizeof(hash));
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1); len = sign_hash(imaevm_params.hash_algo, hash, len, key, NULL, sig + 1);
if (len <= 1) if (len <= 1)
return len; return len;
assert(len < sizeof(sig)); assert(len < sizeof(sig));
@ -641,8 +642,8 @@ static int sign_ima(const char *file, const char *key)
len++; len++;
sig[0] = EVM_IMA_XATTR_DIGSIG; sig[0] = EVM_IMA_XATTR_DIGSIG;
if (sigdump || params.verbose >= LOG_INFO) if (sigdump || imaevm_params.verbose >= LOG_INFO)
dump(sig, len); imaevm_hexdump(sig, len);
if (sigfile) if (sigfile)
bin2file(file, "sig", sig, len); bin2file(file, "sig", sig, len);
@ -722,7 +723,7 @@ static int sign_ima_file(const char *file)
{ {
const char *key; const char *key;
key = params.keyfile ? : "/etc/keys/privkey_evm.pem"; key = imaevm_params.keyfile ? : "/etc/keys/privkey_evm.pem";
return sign_ima(file, key); return sign_ima(file, key);
} }
@ -743,7 +744,7 @@ static int cmd_sign_hash(struct command *cmd)
unsigned char sig[MAX_SIGNATURE_SIZE] = "\x03"; unsigned char sig[MAX_SIGNATURE_SIZE] = "\x03";
int siglen; int siglen;
key = params.keyfile ? : "/etc/keys/privkey_evm.pem"; key = imaevm_params.keyfile ? : "/etc/keys/privkey_evm.pem";
/* support reading hash (eg. output of shasum) */ /* support reading hash (eg. output of shasum) */
while ((len = getline(&line, &line_len, stdin)) > 0) { while ((len = getline(&line, &line_len, stdin)) > 0) {
@ -757,7 +758,7 @@ static int cmd_sign_hash(struct command *cmd)
assert(hashlen / 2 <= sizeof(hash)); assert(hashlen / 2 <= sizeof(hash));
hex2bin(hash, line, hashlen / 2); hex2bin(hash, line, hashlen / 2);
siglen = sign_hash(params.hash_algo, hash, hashlen/2, siglen = sign_hash(imaevm_params.hash_algo, hash, hashlen / 2,
key, NULL, sig + 1); key, NULL, sig + 1);
if (siglen <= 1) if (siglen <= 1)
return siglen; return siglen;
@ -783,7 +784,7 @@ static int sign_evm_path(const char *file)
const char *key; const char *key;
int err; int err;
key = params.keyfile ? : "/etc/keys/privkey_evm.pem"; key = imaevm_params.keyfile ? : "/etc/keys/privkey_evm.pem";
if (digsig) { if (digsig) {
err = sign_ima(file, key); err = sign_ima(file, key);
@ -842,13 +843,13 @@ static int cmd_verify_evm(struct command *cmd)
return -1; return -1;
} }
if (params.keyfile) /* Support multiple public keys */ if (imaevm_params.keyfile) /* Support multiple public keys */
init_public_keys(params.keyfile); init_public_keys(imaevm_params.keyfile);
else /* assume read pubkey from x509 cert */ else /* assume read pubkey from x509 cert */
init_public_keys("/etc/keys/x509_evm.der"); init_public_keys("/etc/keys/x509_evm.der");
err = verify_evm(file); err = verify_evm(file);
if (!err && params.verbose >= LOG_INFO) if (!err && imaevm_params.verbose >= LOG_INFO)
log_info("%s: verification is OK\n", file); log_info("%s: verification is OK\n", file);
return err; return err;
} }
@ -888,8 +889,8 @@ static int cmd_verify_ima(struct command *cmd)
char *file = g_argv[optind++]; char *file = g_argv[optind++];
int err; int err;
if (params.keyfile) /* Support multiple public keys */ if (imaevm_params.keyfile) /* Support multiple public keys */
init_public_keys(params.keyfile); init_public_keys(imaevm_params.keyfile);
else /* assume read pubkey from x509 cert */ else /* assume read pubkey from x509 cert */
init_public_keys("/etc/keys/x509_evm.der"); init_public_keys("/etc/keys/x509_evm.der");
@ -902,7 +903,7 @@ static int cmd_verify_ima(struct command *cmd)
do { do {
err = verify_ima(file); err = verify_ima(file);
if (!err && params.verbose >= LOG_INFO) if (!err && imaevm_params.verbose >= LOG_INFO)
log_info("%s: verification is OK\n", file); log_info("%s: verification is OK\n", file);
} while ((file = g_argv[optind++])); } while ((file = g_argv[optind++]));
return err; return err;
@ -917,15 +918,15 @@ static int cmd_convert(struct command *cmd)
uint8_t keyid[8]; uint8_t keyid[8];
RSA *key; RSA *key;
params.x509 = 0; imaevm_params.x509 = 0;
inkey = g_argv[optind++]; inkey = g_argv[optind++];
if (!inkey) { if (!inkey) {
inkey = params.x509 ? "/etc/keys/x509_evm.der" : inkey = imaevm_params.x509 ? "/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem"; "/etc/keys/pubkey_evm.pem";
} }
key = read_pub_key(inkey, params.x509); key = read_pub_key(inkey, imaevm_params.x509);
if (!key) if (!key)
return 1; return 1;
@ -949,7 +950,7 @@ static int cmd_import(struct command *cmd)
inkey = g_argv[optind++]; inkey = g_argv[optind++];
if (!inkey) { if (!inkey) {
inkey = params.x509 ? "/etc/keys/x509_evm.der" : inkey = imaevm_params.x509 ? "/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem"; "/etc/keys/pubkey_evm.pem";
} else } else
ring = g_argv[optind++]; ring = g_argv[optind++];
@ -979,8 +980,8 @@ static int cmd_import(struct command *cmd)
} }
} }
if (params.x509) { if (imaevm_params.x509) {
EVP_PKEY *pkey = read_pub_pkey(inkey, params.x509); EVP_PKEY *pkey = read_pub_pkey(inkey, imaevm_params.x509);
if (!pkey) if (!pkey)
return 1; return 1;
@ -992,7 +993,7 @@ static int cmd_import(struct command *cmd)
calc_keyid_v2((uint32_t *)keyid, name, pkey); calc_keyid_v2((uint32_t *)keyid, name, pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} else { } else {
RSA *key = read_pub_key(inkey, params.x509); RSA *key = read_pub_key(inkey, imaevm_params.x509);
if (!key) if (!key)
return 1; return 1;
@ -1003,7 +1004,8 @@ static int cmd_import(struct command *cmd)
log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id); log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id);
id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id); id = add_key(imaevm_params.x509 ? "asymmetric" : "user",
imaevm_params.x509 ? NULL : name, pub, len, id);
if (id < 0) { if (id < 0) {
log_err("add_key failed\n"); log_err("add_key failed\n");
err = id; err = id;
@ -1011,7 +1013,7 @@ static int cmd_import(struct command *cmd)
log_info("keyid: %d\n", id); log_info("keyid: %d\n", id);
printf("%d\n", id); printf("%d\n", id);
} }
if (params.x509) if (imaevm_params.x509)
free(pub); free(pub);
return err; return err;
} }
@ -1123,9 +1125,10 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
goto out; goto out;
} }
md = EVP_get_digestbyname(params.hash_algo); md = EVP_get_digestbyname(imaevm_params.hash_algo);
if (!md) { if (!md) {
log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); log_err("EVP_get_digestbyname(%s) failed\n",
imaevm_params.hash_algo);
goto out; goto out;
} }
@ -1247,7 +1250,7 @@ static int cmd_hmac_evm(struct command *cmd)
return -1; return -1;
} }
key = params.keyfile ? : "/etc/keys/privkey_evm.pem"; key = imaevm_params.keyfile ? : "/etc/keys/privkey_evm.pem";
if (digsig) { if (digsig) {
err = sign_ima(file, key); err = sign_ima(file, key);
@ -1588,7 +1591,7 @@ void ima_ng_show(struct template_entry *entry)
} }
/* ascii_runtime_measurements */ /* ascii_runtime_measurements */
if (params.verbose > LOG_INFO) { if (imaevm_params.verbose > LOG_INFO) {
log_info("%d ", entry->header.pcr); log_info("%d ", entry->header.pcr);
log_dump_n(entry->header.digest, sizeof(entry->header.digest)); log_dump_n(entry->header.digest, sizeof(entry->header.digest));
log_info(" %s %s", entry->name, algo); log_info(" %s %s", entry->name, algo);
@ -1601,7 +1604,7 @@ void ima_ng_show(struct template_entry *entry)
} }
if (sig) { if (sig) {
if (params.verbose > LOG_INFO) { if (imaevm_params.verbose > LOG_INFO) {
log_info(" "); log_info(" ");
log_dump(sig, sig_len); log_dump(sig, sig_len);
} }
@ -1610,10 +1613,10 @@ void ima_ng_show(struct template_entry *entry)
digest, digest_len); digest, digest_len);
else else
err = ima_verify_signature(path, sig, sig_len, NULL, 0); err = ima_verify_signature(path, sig, sig_len, NULL, 0);
if (!err && params.verbose > LOG_INFO) if (!err && imaevm_params.verbose > LOG_INFO)
log_info("%s: verification is OK\n", path); log_info("%s: verification is OK\n", path);
} else { } else {
if (params.verbose > LOG_INFO) if (imaevm_params.verbose > LOG_INFO)
log_info("\n"); log_info("\n");
} }
@ -1648,8 +1651,8 @@ static int ima_measurement(const char *file)
return -1; return -1;
} }
if (params.keyfile) /* Support multiple public keys */ if (imaevm_params.keyfile) /* Support multiple public keys */
init_public_keys(params.keyfile); init_public_keys(imaevm_params.keyfile);
else /* assume read pubkey from x509 cert */ else /* assume read pubkey from x509 cert */
init_public_keys("/etc/keys/x509_evm.der"); init_public_keys("/etc/keys/x509_evm.der");
@ -1959,7 +1962,7 @@ int main(int argc, char *argv[])
exit(0); exit(0);
break; break;
case 'v': case 'v':
params.verbose++; imaevm_params.verbose++;
break; break;
case 'd': case 'd':
digest = 1; digest = 1;
@ -1973,13 +1976,13 @@ int main(int argc, char *argv[])
sigdump = 1; sigdump = 1;
break; break;
case 'a': case 'a':
params.hash_algo = optarg; imaevm_params.hash_algo = optarg;
break; break;
case 'p': case 'p':
if (optarg) if (optarg)
params.keypass = optarg; imaevm_params.keypass = optarg;
else else
params.keypass = get_password(); imaevm_params.keypass = get_password();
break; break;
case 'f': case 'f':
sigfile = 1; sigfile = 1;
@ -1990,10 +1993,10 @@ int main(int argc, char *argv[])
hmac_flags |= HMAC_FLAG_NO_UUID; hmac_flags |= HMAC_FLAG_NO_UUID;
break; break;
case '1': case '1':
params.x509 = 0; imaevm_params.x509 = 0;
break; break;
case 'k': case 'k':
params.keyfile = optarg; imaevm_params.keyfile = optarg;
break; break;
case 'i': case 'i':
if (evm_portable) if (evm_portable)

16
src/imaevm.h
View File

@ -50,8 +50,10 @@
#include <openssl/rsa.h> #include <openssl/rsa.h>
#ifdef USE_FPRINTF #ifdef USE_FPRINTF
#define do_log(level, fmt, args...) ({ if (level <= params.verbose) fprintf(stderr, fmt, ##args); }) #define do_log(level, fmt, args...) \
#define do_log_dump(level, p, len, cr) ({ if (level <= params.verbose) do_dump(stderr, p, len, cr); }) ({ if (level <= imaevm_params.verbose) fprintf(stderr, fmt, ##args); })
#define do_log_dump(level, p, len, cr) \
({ if (level <= imaevm_params.verbose) imaevm_do_hexdump(stderr, p, len, cr); })
#else #else
#define do_log(level, fmt, args...) syslog(level, fmt, ##args) #define do_log(level, fmt, args...) syslog(level, fmt, ##args)
#define do_log_dump(level, p, len, cr) #define do_log_dump(level, p, len, cr)
@ -188,7 +190,7 @@ struct signature_v2_hdr {
uint8_t sig[0]; /* signature payload */ uint8_t sig[0]; /* signature payload */
} __packed; } __packed;
struct libevm_params { struct libimaevm_params {
int verbose; int verbose;
int x509; int x509;
const char *hash_algo; const char *hash_algo;
@ -204,12 +206,12 @@ struct RSA_ASN1_template {
#define NUM_PCRS 20 #define NUM_PCRS 20
#define DEFAULT_PCR 10 #define DEFAULT_PCR 10
extern struct libevm_params params; extern struct libimaevm_params imaevm_params;
void do_dump(FILE *fp, const void *ptr, int len, bool cr); void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr);
void dump(const void *ptr, int len); void imaevm_hexdump(const void *ptr, int len);
int ima_calc_hash(const char *file, uint8_t *hash); int ima_calc_hash(const char *file, uint8_t *hash);
int get_hash_algo(const char *algo); int imaevm_get_hash_algo(const char *algo);
RSA *read_pub_key(const char *keyfile, int x509); RSA *read_pub_key(const char *keyfile, int x509);
EVP_PKEY *read_pub_pkey(const char *keyfile, int x509); EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);

44
src/libimaevm.c
View File

@ -81,7 +81,7 @@ const char *const pkey_hash_algo_kern[PKEY_HASH__LAST] = {
[PKEY_HASH_STREEBOG_512] = "streebog512", [PKEY_HASH_STREEBOG_512] = "streebog512",
}; };
struct libevm_params params = { struct libimaevm_params imaevm_params = {
.verbose = LOG_INFO - 1, .verbose = LOG_INFO - 1,
.x509 = 1, .x509 = 1,
.hash_algo = "sha1", .hash_algo = "sha1",
@ -89,7 +89,7 @@ struct libevm_params params = {
static void __attribute__ ((constructor)) libinit(void); static void __attribute__ ((constructor)) libinit(void);
void do_dump(FILE *fp, const void *ptr, int len, bool cr) void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr)
{ {
int i; int i;
uint8_t *data = (uint8_t *) ptr; uint8_t *data = (uint8_t *) ptr;
@ -100,9 +100,9 @@ void do_dump(FILE *fp, const void *ptr, int len, bool cr)
fprintf(fp, "\n"); fprintf(fp, "\n");
} }
void dump(const void *ptr, int len) void imaevm_hexdump(const void *ptr, int len)
{ {
do_dump(stdout, ptr, len, true); imaevm_do_hexdump(stdout, ptr, len, true);
} }
const char *get_hash_algo_by_id(int algo) const char *get_hash_algo_by_id(int algo)
@ -258,9 +258,10 @@ int ima_calc_hash(const char *file, uint8_t *hash)
goto err; goto err;
} }
md = EVP_get_digestbyname(params.hash_algo); md = EVP_get_digestbyname(imaevm_params.hash_algo);
if (!md) { if (!md) {
log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); log_err("EVP_get_digestbyname(%s) failed\n",
imaevm_params.hash_algo);
err = 1; err = 1;
goto err; goto err;
} }
@ -500,8 +501,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
const EVP_MD *md; const EVP_MD *md;
const char *st; const char *st;
if (params.verbose > LOG_INFO) { if (imaevm_params.verbose > LOG_INFO) {
log_info("hash(%s): ", params.hash_algo); log_info("hash(%s): ", imaevm_params.hash_algo);
log_dump(hash, size); log_dump(hash, size);
} }
@ -521,7 +522,7 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
if (!EVP_PKEY_verify_init(ctx)) if (!EVP_PKEY_verify_init(ctx))
goto err; goto err;
st = "EVP_get_digestbyname"; st = "EVP_get_digestbyname";
if (!(md = EVP_get_digestbyname(params.hash_algo))) if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
goto err; goto err;
st = "EVP_PKEY_CTX_set_signature_md"; st = "EVP_PKEY_CTX_set_signature_md";
if (!EVP_PKEY_CTX_set_signature_md(ctx, md)) if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
@ -550,7 +551,7 @@ err:
return ret; return ret;
} }
int get_hash_algo(const char *algo) int imaevm_get_hash_algo(const char *algo)
{ {
int i; int i;
@ -609,7 +610,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
const char *key = NULL; const char *key = NULL;
/* Read pubkey from RSA key */ /* Read pubkey from RSA key */
if (!params.keyfile) if (!imaevm_params.keyfile)
key = "/etc/keys/pubkey_evm.pem"; key = "/etc/keys/pubkey_evm.pem";
return verify_hash_v1(file, hash, size, sig, siglen, key); return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) { } else if (sig[0] == DIGSIG_VERSION_2) {
@ -635,7 +636,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
return -1; return -1;
} }
/* Use hash algorithm as retrieved from signature */ /* Use hash algorithm as retrieved from signature */
params.hash_algo = get_hash_algo_by_id(sig_hash_algo); imaevm_params.hash_algo = get_hash_algo_by_id(sig_hash_algo);
/* /*
* Validate the signature based on the digest included in the * Validate the signature based on the digest included in the
@ -707,7 +708,7 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
id = __be64_to_cpup((__be64 *) keyid); id = __be64_to_cpup((__be64 *) keyid);
sprintf(str, "%llX", (unsigned long long)id); sprintf(str, "%llX", (unsigned long long)id);
if (params.verbose > LOG_INFO) if (imaevm_params.verbose > LOG_INFO)
log_info("keyid-v1: %s\n", str); log_info("keyid-v1: %s\n", str);
} }
@ -735,7 +736,7 @@ void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
log_debug_dump(keyid, 4); log_debug_dump(keyid, 4);
sprintf(str, "%x", __be32_to_cpup(keyid)); sprintf(str, "%x", __be32_to_cpup(keyid));
if (params.verbose > LOG_INFO) if (imaevm_params.verbose > LOG_INFO)
log_info("keyid: %s\n", str); log_info("keyid: %s\n", str);
X509_PUBKEY_free(pk); X509_PUBKEY_free(pk);
@ -825,7 +826,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
log_info("hash(%s): ", hashalgo); log_info("hash(%s): ", hashalgo);
log_dump(hash, size); log_dump(hash, size);
key = read_priv_key(keyfile, params.keypass); key = read_priv_key(keyfile, imaevm_params.keypass);
if (!key) if (!key)
return -1; return -1;
@ -908,17 +909,17 @@ int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const ch
return -1; return -1;
} }
log_info("hash(%s): ", params.hash_algo); log_info("hash(%s): ", imaevm_params.hash_algo);
log_dump(hash, size); log_dump(hash, size);
pkey = read_priv_pkey(keyfile, params.keypass); pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
if (!pkey) if (!pkey)
return -1; return -1;
hdr = (struct signature_v2_hdr *)sig; hdr = (struct signature_v2_hdr *)sig;
hdr->version = (uint8_t) DIGSIG_VERSION_2; hdr->version = (uint8_t) DIGSIG_VERSION_2;
hdr->hash_algo = get_hash_algo(algo); hdr->hash_algo = imaevm_get_hash_algo(algo);
if (hdr->hash_algo == -1) { if (hdr->hash_algo == -1) {
log_err("sign_hash_v2: hash algo is unknown: %s\n", algo); log_err("sign_hash_v2: hash algo is unknown: %s\n", algo);
return -1; return -1;
@ -934,7 +935,7 @@ int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const ch
if (!EVP_PKEY_sign_init(ctx)) if (!EVP_PKEY_sign_init(ctx))
goto err; goto err;
st = "EVP_get_digestbyname"; st = "EVP_get_digestbyname";
if (!(md = EVP_get_digestbyname(params.hash_algo))) if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
goto err; goto err;
st = "EVP_PKEY_CTX_set_signature_md"; st = "EVP_PKEY_CTX_set_signature_md";
if (!EVP_PKEY_CTX_set_signature_md(ctx, md)) if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
@ -965,9 +966,10 @@ err:
int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig) int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig)
{ {
if (keypass) if (keypass)
params.keypass = keypass; imaevm_params.keypass = keypass;
return params.x509 ? sign_hash_v2(hashalgo, hash, size, keyfile, sig) : return imaevm_params.x509 ?
sign_hash_v2(hashalgo, hash, size, keyfile, sig) :
sign_hash_v1(hashalgo, hash, size, keyfile, sig); sign_hash_v1(hashalgo, hash, size, keyfile, sig);
} }