dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00
Code Releases Activity

ima-evm-utils: Fix ima_verify for v1 signatures

Browse Source 
Use user supplied key in verify_hash for DIGSIG_VERSION_1.
Otherwise v1 signatures don't pass verification.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov 2019-07-27 01:23:09 +03:00 committed by Mimi Zohar
parent e1bd9c9887
commit d8e7d63feb
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libimaevm.c
View File

@ -612,6 +612,8 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
/* Read pubkey from RSA key */
if (!imaevm_params.keyfile)
key = "/etc/keys/pubkey_evm.pem";
else
key = imaevm_params.keyfile;
return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) {
return verify_hash_v2(file, hash, size, sig, siglen);