ima-evm-utils: Release version 1.2.1

This release contains a few bug fixes:
autoconf, keys for v1 signature verification, return code error, and
openssl version.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

.gitignore

@@ -45,6 +45,7 @@ cscope.*
 ncscope.*
 
 # Generated documentation
+*.1
 *.8
 *.5
 manpage.links

ChangeLog

@@ -1,3 +1,51 @@
+
+2019-07-24  Mimi Zohar <zohar@linux.ibm.com>
+
+	version 1.2 new features:
+	* Generate EVM signatures based on the specified hash algorithm
+	* include "security.apparmor" in EVM signature
+	* Add support for writing & verifying "user.xxxx" xattrs for testing
+	* Support Strebog/Gost hash functions
+	* Add OpenSSL engine support
+	* Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
+	* Support verifying multiple signatures at once
+	* Support new template "buf" field and warn about other unknown fields
+	* Improve OpenSSL error reporting
+	* Support reading TPM 2.0 PCRs using tsspcrread
+
+	Bug fixes and code cleanup:
+	* Update manpage stylesheet detection
+	* Fix xattr.h include file
+	* On error when reading TPM PCRs, don't log gargabe
+	* Properly return keyid string to calc_keyid_v1/v2 callers, caused by
+	  limiting keyid output to verbose mode
+	* Fix hash buffer overflow caused by EVM support for larger hashes,
+	  defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts".
+	* Linked with libcrypto instead of OpenSSL
+	* Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
+	* Include new "hash-info.gen" in tar
+	* Log the hash algorithm, not just the hash value
+	* Fixed memory leaks in: EV_MD_CTX, init_public_keys
+	* Fixed other warnings/bugs discovered by clang, coverity
+	* Remove indirect calls in verify_hash() to improve code readability
+	* Don't fallback to using sha1
+	* Namespace some too generic object names
+	* Make functions/arrays static if possible
+
+
+2018-01-28  Mimi Zohar <zohar@us.ibm.com>
+
+	version 1.1
+	* Support the new openssl 1.1 api
+	* Support for validating multiple pcrs
+	* Verify the measurement list signature based on the list digest
+	* Verify the "ima-sig" measurement list using multiple keys
+	* Fixed parsing the measurement template data field length
+	* Portable & immutable EVM signatures (new format)
+	* Multiple fixes that have been lingering in the next branch. Some
+	  are for experimental features that are not yet supported in the
+	  kernel.
+
 2014-07-30  Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
 
 	version 1.0

Makefile.am

@@ -23,9 +23,6 @@ rpm: $(tarname)
 	cp $(tarname) $(SRCS)/
 	rpmbuild -ba --nodeps $(SPEC)
 
-# requires asciidoc, xslproc, docbook-xsl
-MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
-
 evmctl.1.html: README
 	@asciidoc -o $@ $<
 

README

@@ -26,12 +26,12 @@ COMMANDS
  --version
  help <command>
  import [--rsa] pubkey keyring
- sign [-r] [--imahash | --imasig ] [--key key] [--pass password] file
+ sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file
  verify file
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
  ima_hash file
- ima_measurement file
+ ima_measurement [--key "key1, key2, ..."] [--list] file
  ima_fix [-t fdsxm] path
  sign_hash [--key key] [--pass password]
  hmac [--imahash | --imasig ] file
@@ -44,8 +44,10 @@ OPTIONS
   -s, --imasig       make IMA signature
   -d, --imahash      make IMA hash
   -f, --sigfile      store IMA signature in .sig file instead of xattr
+      --xattr-user   store xattrs in user namespace (for testing purposes)
       --rsa          use RSA key type and signing scheme v1
   -k, --key          path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)
+  -o, --portable     generate portable EVM signatures
   -p, --pass         password for encrypted signing key
   -r, --recursive    recurse into directories (sign)
   -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)
@@ -56,6 +58,7 @@ OPTIONS
       --smack        use extra SMACK xattrs for EVM
       --m32          force EVM hmac/signature for 32 bit target system
       --m64          force EVM hmac/signature for 64 bit target system
+      --engine e     preload OpenSSL engine e (such as: gost)
   -v                 increase verbosity level
   -h, --help         display this help and exit
 
@@ -95,7 +98,8 @@ Kernel configuration option CONFIG_EVM_ATTR_FSUUID controls whether to include
 filesystem UUID into HMAC and enabled by default. Therefore evmctl also includes
 fsuuid by default. Providing '--uuid' option without parameter allows to disable
 usage of fs uuid. Providing '--uuid=UUID' option with parameter allows to use
-custom UUID.
+custom UUID. Providing the '--portable' option will disable usage of the fs uuid
+and also the inode number and generation.
 
 Kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS controls whether to
 include additional SMACK extended attributes into HMAC. They are following:
@@ -142,7 +146,7 @@ EVM encrypted key is used for EVM HMAC calculation:
     keyctl pipe `keyctl search @u user kmk` > /etc/keys/kmk
 
     # create the EVM encrypted key
-    keyctl add encrypted evm-key "new user:kmk 32" @u
+    keyctl add encrypted evm-key "new user:kmk 64" @u
     keyctl pipe `keyctl search @u encrypted evm-key` >/etc/keys/evm-key
 
 

build-static.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+gcc -static -o evmctl.static -include config.h src/evmctl.c src/libimaevm.c -lcrypto -lkeyutils -ldl
+

configure.ac

@@ -1,12 +1,13 @@
 # autoconf script
 
 AC_PREREQ([2.65])
-AC_INIT(ima-evm-utils, 1.0, dmitry.kasatkin@huawei.com)
+AC_INIT(ima-evm-utils, 1.2.1, zohar@linux.ibm.com)
 AM_INIT_AUTOMAKE
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
- 
+
 AC_CANONICAL_HOST
+AC_USE_SYSTEM_EXTENSIONS
 
 # Checks for programs.
 AC_PROG_CC
@@ -24,15 +25,30 @@ LT_INIT
 # Checks for header files.
 AC_HEADER_STDC
 
-PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
-AC_SUBST(OPENSSL_CFLAGS)
-AC_SUBST(OPENSSL_LIBS)
+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
+AC_SUBST(KERNEL_HEADERS)
 AC_CHECK_HEADER(unistd.h)
 AC_CHECK_HEADERS(openssl/conf.h)
 
-AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
+AC_CHECK_PROG(TSSPCRREAD, [tsspcrread], yes, no)
+if test "x$TSSPCRREAD" = "xyes"; then
+	AC_DEFINE(HAVE_TSSPCRREAD, 1, [Define to 1 if you have tsspcrread binary installed])
+fi
+
+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
 AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
 
+AC_ARG_WITH(kernel_headers, [AS_HELP_STRING([--with-kernel-headers=PATH],
+	    [specifies the Linux kernel-headers package location or kernel root directory you want to use])],
+	    [KERNEL_HEADERS="$withval"],
+	    [KERNEL_HEADERS=/lib/modules/$(uname -r)/source])
+
+AC_ARG_ENABLE([openssl_conf],
+	      [AS_HELP_STRING([--disable-openssl-conf], [disable loading of openssl config by evmctl])],
+	      [if test "$enable_openssl_conf" = "no"; then
+		AC_DEFINE(DISABLE_OPENSSL_CONF, 1, [Define to disable loading of openssl config by evmctl.])
+	      fi], [enable_openssl_conf=yes])
+
 #debug support - yes for a while
 PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
 if test $pkg_cv_enable_debug = yes; then
@@ -41,6 +57,8 @@ else
 	CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
 fi
 
+EVMCTL_MANPAGE_DOCBOOK_XSL
+
 # for gcov
 #CFLAGS="$CFLAGS -Wall -fprofile-arcs -ftest-coverage"
 #CXXFLAGS="$CXXFLAGS -Wall -fprofile-arcs -ftest-coverage"
@@ -56,7 +74,8 @@ AC_OUTPUT
 # Give some feedback
 echo
 echo
-echo	"Configuration:"		
-echo	"	debug:	$pkg_cv_enable_debug"
+echo	"Configuration:"
+echo	"          debug: $pkg_cv_enable_debug"
+echo	"   openssl-conf: $enable_openssl_conf"
+echo	"     tsspcrread: $TSSPCRREAD"
 echo
-

m4/manpage-docbook-xsl.m4

@@ -0,0 +1,28 @@
+dnl Copyright (c) 2018 Petr Vorel <pvorel@suse.cz>
+dnl Find docbook manpage stylesheet
+
+AC_DEFUN([EVMCTL_MANPAGE_DOCBOOK_XSL], [
+	AC_PATH_PROGS(XMLCATALOG, xmlcatalog)
+	AC_ARG_WITH([xml-catalog],
+		AC_HELP_STRING([--with-xml-catalog=CATALOG],
+				[path to xml catalog to use]),,
+				[with_xml_catalog=/etc/xml/catalog])
+	XML_CATALOG_FILE="$with_xml_catalog"
+	AC_SUBST([XML_CATALOG_FILE])
+	AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
+	if test -f "$XML_CATALOG_FILE"; then
+		have_xmlcatalog_file=yes
+		AC_MSG_RESULT([found])
+	else
+		AC_MSG_RESULT([not found])
+	fi
+	if test "x${XMLCATALOG}" != "x" -a "x$have_xmlcatalog_file" = "xyes"; then
+		DOCBOOK_XSL_URI="http://docbook.sourceforge.net/release/xsl/current"
+		DOCBOOK_XSL_PATH="manpages/docbook.xsl"
+		MANPAGE_DOCBOOK_XSL=$(${XMLCATALOG} ${XML_CATALOG_FILE} ${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH} | sed -n 's|^file:/\+|/|p;q')
+	fi
+	if test "x${MANPAGE_DOCBOOK_XSL}" = "x"; then
+		MANPAGE_DOCBOOK_XSL="/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl"
+	fi
+	AC_SUBST(MANPAGE_DOCBOOK_XSL)
+])

packaging/ima-evm-utils.spec

@@ -1,5 +1,5 @@
 Name:		ima-evm-utils
-Version:	1.0
+Version:	1.2.1
 Release:	1%{?dist}
 Summary:	ima-evm-utils - IMA/EVM control utility
 Group:		System/Libraries
@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires:    autoconf
 BuildRequires:    automake
 BuildRequires:    openssl-devel
-BuildRequires:    libattr-devel
 BuildRequires:    keyutils-libs-devel
 
 %description

packaging/ima-evm-utils.spec.in

@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires:    autoconf
 BuildRequires:    automake
 BuildRequires:    openssl-devel
-BuildRequires:    libattr-devel
 BuildRequires:    keyutils-libs-devel
 
 %description

src/.gitignore

@@ -0,0 +1 @@
+hash_info.h

src/Makefile.am

@@ -1,22 +1,28 @@
 lib_LTLIBRARIES = libimaevm.la
 
 libimaevm_la_SOURCES = libimaevm.c
-libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
 # current[:revision[:age]]
 # result: [current-age].age.revision
-libimaevm_la_LDFLAGS = -version-info 0:0:0
-libimaevm_la_LIBADD =  $(OPENSSL_LIBS)
+libimaevm_la_LDFLAGS = -version-info 1:0:0
+libimaevm_la_LIBADD =  $(LIBCRYPTO_LIBS)
 
 include_HEADERS = imaevm.h
 
+nodist_libimaevm_la_SOURCES = hash_info.h
+BUILT_SOURCES = hash_info.h
+EXTRA_DIST = hash_info.gen
+hash_info.h: Makefile
+	$(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
+
 bin_PROGRAMS = evmctl
 
 evmctl_SOURCES = evmctl.c
-evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
 evmctl_LDFLAGS = $(LDFLAGS_READLINE)
-evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
+evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
 
-INCLUDES = -I$(top_srcdir) -include config.h
+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
 
+CLEANFILES = hash_info.h
 DISTCLEANFILES = @DISTCLEANFILES@
-

src/hash_info.gen

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# Generate hash_info.h from kernel headers
+#
+# Copyright (C) 2018 <vt@altlinux.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+KERNEL_HEADERS=$1
+HASH_INFO_H=uapi/linux/hash_info.h
+HASH_INFO=$KERNEL_HEADERS/include/$HASH_INFO_H
+
+# Allow to specify kernel-headers past include/
+if [ ! -e $HASH_INFO ]; then
+  HASH_INFO2=$KERNEL_HEADERS/$HASH_INFO_H
+  if [ -e $HASH_INFO2 ]; then
+    HASH_INFO=$HASH_INFO2
+  fi
+fi
+
+if [ ! -e $HASH_INFO ]; then
+  echo "/* $HASH_INFO is not found */"
+  HASH_INFO=/dev/null
+else
+  echo "/* $HASH_INFO is found */"
+fi
+
+echo "enum hash_algo {"
+grep HASH_ALGO_.*, $HASH_INFO
+printf "\tHASH_ALGO__LAST\n"
+echo "};"
+
+echo "const char *const hash_algo_name[HASH_ALGO__LAST] = {"
+sed -n 's/HASH_ALGO_\(.*\),/\1 \L\1\E/p' $HASH_INFO | \
+  while read a b; do
+    # Normalize text hash name: if it contains underscore between
+    # digits replace it with a dash, other underscores are removed.
+    b=$(echo "$b" | sed "s/\([0-9]\)_\([0-9]\)/\1-\2/g;s/_//g")
+    printf '\t%-26s = "%s",\n' "[HASH_ALGO_$a]" "$b"
+  done
+echo "};"

src/imaevm.h

@@ -50,8 +50,10 @@
 #include <openssl/rsa.h>
 
 #ifdef USE_FPRINTF
-#define do_log(level, fmt, args...)	({ if (level <= params.verbose) fprintf(stderr, fmt, ##args); })
-#define do_log_dump(level, p, len, cr)	({ if (level <= params.verbose) do_dump(stderr, p, len, cr); })
+#define do_log(level, fmt, args...)	\
+	({ if (level <= imaevm_params.verbose) fprintf(stderr, fmt, ##args); })
+#define do_log_dump(level, p, len, cr)	\
+	({ if (level <= imaevm_params.verbose) imaevm_do_hexdump(stderr, p, len, cr); })
 #else
 #define do_log(level, fmt, args...)	syslog(level, fmt, ##args)
 #define do_log_dump(level, p, len, cr)
@@ -75,6 +77,9 @@
 #define	DATA_SIZE	4096
 #define SHA1_HASH_LEN   20
 
+#define MAX_DIGEST_SIZE		64
+#define MAX_SIGNATURE_SIZE	1024
+
 #define __packed __attribute__((packed))
 
 enum evm_ima_xattr_type {
@@ -82,6 +87,7 @@ enum evm_ima_xattr_type {
 	EVM_XATTR_HMAC,
 	EVM_IMA_XATTR_DIGSIG,
 	IMA_XATTR_DIGEST_NG,
+	EVM_XATTR_PORTABLE_DIGSIG,
 };
 
 struct h_misc {
@@ -148,6 +154,7 @@ struct signature_hdr {
 	char mpi[0];
 } __packed;
 
+/* reflect enum hash_algo from include/uapi/linux/hash_info.h */
 enum pkey_hash_algo {
 	PKEY_HASH_MD4,
 	PKEY_HASH_MD5,
@@ -157,6 +164,18 @@ enum pkey_hash_algo {
 	PKEY_HASH_SHA384,
 	PKEY_HASH_SHA512,
 	PKEY_HASH_SHA224,
+	PKEY_HASH_RIPE_MD_128,
+	PKEY_HASH_RIPE_MD_256,
+	PKEY_HASH_RIPE_MD_320,
+	PKEY_HASH_WP_256,
+	PKEY_HASH_WP_384,
+	PKEY_HASH_WP_512,
+	PKEY_HASH_TGR_128,
+	PKEY_HASH_TGR_160,
+	PKEY_HASH_TGR_192,
+	PKEY_HASH_SM3_256,
+	PKEY_HASH_STREEBOG_256,
+	PKEY_HASH_STREEBOG_512,
 	PKEY_HASH__LAST
 };
 
@@ -171,10 +190,7 @@ struct signature_v2_hdr {
 	uint8_t sig[0];		/* signature payload */
 } __packed;
 
-
-typedef int (*verify_hash_fn_t)(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
-
-struct libevm_params {
+struct libimaevm_params {
 	int verbose;
 	int x509;
 	const char *hash_algo;
@@ -187,22 +203,25 @@ struct RSA_ASN1_template {
 	size_t size;
 };
 
-extern const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST];
-extern struct libevm_params params;
+#define	NUM_PCRS 20
+#define DEFAULT_PCR 10
 
-void do_dump(FILE *fp, const void *ptr, int len, bool cr);
-void dump(const void *ptr, int len);
-int get_filesize(const char *filename);
+extern struct libimaevm_params imaevm_params;
+
+void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr);
+void imaevm_hexdump(const void *ptr, int len);
 int ima_calc_hash(const char *file, uint8_t *hash);
-int get_hash_algo(const char *algo);
+int imaevm_get_hash_algo(const char *algo);
 RSA *read_pub_key(const char *keyfile, int x509);
+EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
 
 void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len);
-void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key);
+void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
 int key2bin(RSA *key, unsigned char *pub);
 
 int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
-int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
-int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
+int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig, int siglen);
+int ima_verify_signature(const char *file, unsigned char *sig, int siglen, unsigned char *digest, int digestlen);
+void init_public_keys(const char *keyfiles);
 
 #endif

src/libimaevm.c

@@ -49,15 +49,20 @@
 #include <dirent.h>
 #include <string.h>
 #include <stdio.h>
+#include <assert.h>
+#include <ctype.h>
 
+#include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
 #include "imaevm.h"
+#include "hash_info.h"
 
-const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
+/* Names that are primary for OpenSSL. */
+static const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
 	[PKEY_HASH_MD4]		= "md4",
 	[PKEY_HASH_MD5]		= "md5",
 	[PKEY_HASH_SHA1]	= "sha1",
@@ -66,66 +71,17 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
 	[PKEY_HASH_SHA384]	= "sha384",
 	[PKEY_HASH_SHA512]	= "sha512",
 	[PKEY_HASH_SHA224]	= "sha224",
+	[PKEY_HASH_STREEBOG_256] = "md_gost12_256",
+	[PKEY_HASH_STREEBOG_512] = "md_gost12_512",
 };
 
-/*
- * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
- */
-static const uint8_t RSA_digest_info_MD5[] = {
-	0x30, 0x20, 0x30, 0x0C, 0x06, 0x08,
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* OID */
-	0x05, 0x00, 0x04, 0x10
+/* Names that are primary for the kernel. */
+static const char *const pkey_hash_algo_kern[PKEY_HASH__LAST] = {
+	[PKEY_HASH_STREEBOG_256] = "streebog256",
+	[PKEY_HASH_STREEBOG_512] = "streebog512",
 };
 
-static const uint8_t RSA_digest_info_SHA1[] = {
-	0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
-	0x2B, 0x0E, 0x03, 0x02, 0x1A,
-	0x05, 0x00, 0x04, 0x14
-};
-
-static const uint8_t RSA_digest_info_RIPE_MD_160[] = {
-	0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
-	0x2B, 0x24, 0x03, 0x02, 0x01,
-	0x05, 0x00, 0x04, 0x14
-};
-
-static const uint8_t RSA_digest_info_SHA224[] = {
-	0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
-	0x05, 0x00, 0x04, 0x1C
-};
-
-static const uint8_t RSA_digest_info_SHA256[] = {
-	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
-	0x05, 0x00, 0x04, 0x20
-};
-
-static const uint8_t RSA_digest_info_SHA384[] = {
-	0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
-	0x05, 0x00, 0x04, 0x30
-};
-
-static const uint8_t RSA_digest_info_SHA512[] = {
-	0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
-	0x05, 0x00, 0x04, 0x40
-};
-
-const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST] = {
-#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
-	[PKEY_HASH_MD5]		= _(MD5),
-	[PKEY_HASH_SHA1]	= _(SHA1),
-	[PKEY_HASH_RIPE_MD_160]	= _(RIPE_MD_160),
-	[PKEY_HASH_SHA256]	= _(SHA256),
-	[PKEY_HASH_SHA384]	= _(SHA384),
-	[PKEY_HASH_SHA512]	= _(SHA512),
-	[PKEY_HASH_SHA224]	= _(SHA224),
-#undef _
-};
-
-struct libevm_params params = {
+struct libimaevm_params imaevm_params = {
 	.verbose = LOG_INFO - 1,
 	.x509 = 1,
 	.hash_algo = "sha1",
@@ -133,7 +89,7 @@ struct libevm_params params = {
 
 static void __attribute__ ((constructor)) libinit(void);
 
-void do_dump(FILE *fp, const void *ptr, int len, bool cr)
+void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr)
 {
 	int i;
 	uint8_t *data = (uint8_t *) ptr;
@@ -144,25 +100,32 @@ void do_dump(FILE *fp, const void *ptr, int len, bool cr)
 		fprintf(fp, "\n");
 }
 
-void dump(const void *ptr, int len)
+void imaevm_hexdump(const void *ptr, int len)
 {
-	do_dump(stdout, ptr, len, true);
+	imaevm_do_hexdump(stdout, ptr, len, true);
 }
 
-int get_filesize(const char *filename)
+static const char *get_hash_algo_by_id(int algo)
 {
-	struct stat stats;
-	/*  Need to know the file length */
-	stat(filename, &stats);
-	return (int)stats.st_size;
+	if (algo < PKEY_HASH__LAST)
+		return pkey_hash_algo[algo];
+	if (algo < HASH_ALGO__LAST)
+		return hash_algo_name[algo];
+
+	log_err("digest %d not found\n", algo);
+	return "unknown";
 }
 
-static inline off_t get_fdsize(int fd)
+/* Output all remaining openssl error messages. */
+static void output_openssl_errors(void)
 {
-	struct stat stats;
-	/*  Need to know the file length */
-	fstat(fd, &stats);
-	return stats.st_size;
+	while (ERR_peek_error()) {
+		char buf[256];
+		/* buf must be at least 256 bytes long according to man */
+
+		ERR_error_string(ERR_get_error(), buf);
+		log_err("openssl: %s\n", buf);
+	}
 }
 
 static int add_file_hash(const char *file, EVP_MD_CTX *ctx)
@@ -171,6 +134,7 @@ static int add_file_hash(const char *file, EVP_MD_CTX *ctx)
 	int err = -1, bs = DATA_SIZE;
 	off_t size, len;
 	FILE *fp;
+	struct stat stats;
 
 	fp = fopen(file, "r");
 	if (!fp) {
@@ -184,7 +148,12 @@ static int add_file_hash(const char *file, EVP_MD_CTX *ctx)
 		goto out;
 	}
 
-	for (size = get_fdsize(fileno(fp)); size; size -= len) {
+	if (fstat(fileno(fp), &stats) == -1) {
+		log_err("Failed to fstat: %s (%s)\n", file, strerror(errno));
+		goto out;
+	}
+
+	for (size = stats.st_size; size; size -= len) {
 		len = MIN(size, bs);
 		if (!fread(data, len, 1, fp)) {
 			if (ferror(fp)) {
@@ -214,6 +183,7 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
 	DIR *dir;
 	unsigned long long ino, off;
 	unsigned int type;
+	int result = 0;
 
 	dir = opendir(file);
 	if (!dir) {
@@ -233,13 +203,15 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
 		err |= EVP_DigestUpdate(ctx, &type, sizeof(type));
 		if (!err) {
 			log_err("EVP_DigestUpdate() failed\n");
-			return 1;
+			output_openssl_errors();
+			result = 1;
+			break;
 		}
 	}
 
 	closedir(dir);
 
-	return 0;
+	return result;
 }
 
 static int add_link_hash(const char *path, EVP_MD_CTX *ctx)
@@ -269,67 +241,85 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 {
 	const EVP_MD *md;
 	struct stat st;
-	EVP_MD_CTX ctx;
+	EVP_MD_CTX *pctx;
 	unsigned int mdlen;
 	int err;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	EVP_MD_CTX ctx;
+	pctx = &ctx;
+#else
+	pctx = EVP_MD_CTX_new();
+#endif
 
 	/*  Need to know the file length */
 	err = lstat(file, &st);
 	if (err < 0) {
 		log_err("Failed to stat: %s\n", file);
-		return err;
+		goto err;
 	}
 
-	md = EVP_get_digestbyname(params.hash_algo);
+	md = EVP_get_digestbyname(imaevm_params.hash_algo);
 	if (!md) {
-		log_err("EVP_get_digestbyname() failed\n");
-		return 1;
+		log_err("EVP_get_digestbyname(%s) failed\n",
+			imaevm_params.hash_algo);
+		err = 1;
+		goto err;
 	}
 
-	err = EVP_DigestInit(&ctx, md);
+	err = EVP_DigestInit(pctx, md);
 	if (!err) {
 		log_err("EVP_DigestInit() failed\n");
-		return 1;
+		err = 1;
+		goto err;
 	}
 
 	switch (st.st_mode & S_IFMT) {
 	case S_IFREG:
-		err = add_file_hash(file, &ctx);
+		err = add_file_hash(file, pctx);
 		break;
 	case S_IFDIR:
-		err = add_dir_hash(file, &ctx);
+		err = add_dir_hash(file, pctx);
 		break;
 	case S_IFLNK:
-		err = add_link_hash(file, &ctx);
+		err = add_link_hash(file, pctx);
 		break;
 	case S_IFIFO: case S_IFSOCK:
 	case S_IFCHR: case S_IFBLK:
-		err = add_dev_hash(&st, &ctx);
+		err = add_dev_hash(&st, pctx);
 		break;
 	default:
 		log_errno("Unsupported file type");
-		return -1;
+		err = -1;
+		goto err;
 	}
 
 	if (err)
-		return err;
+		goto err;
 
-	err = EVP_DigestFinal(&ctx, hash, &mdlen);
+	err = EVP_DigestFinal(pctx, hash, &mdlen);
 	if (!err) {
 		log_err("EVP_DigestFinal() failed\n");
-		return 1;
+		err = 1;
+		goto err;
 	}
-
-	return mdlen;
+	err = mdlen;
+err:
+	if (err == 1)
+		output_openssl_errors();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+	EVP_MD_CTX_free(pctx);
+#endif
+	return err;
 }
 
-RSA *read_pub_key(const char *keyfile, int x509)
+EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
 {
 	FILE *fp;
-	RSA *key = NULL;
-	X509 *crt = NULL;
 	EVP_PKEY *pkey = NULL;
 
+	if (!keyfile)
+		return NULL;
+
 	fp = fopen(keyfile, "r");
 	if (!fp) {
 		log_err("Failed to open keyfile: %s\n", keyfile);
@@ -337,34 +327,54 @@ RSA *read_pub_key(const char *keyfile, int x509)
 	}
 
 	if (x509) {
-		crt = d2i_X509_fp(fp, NULL);
+		X509 *crt = d2i_X509_fp(fp, NULL);
+
 		if (!crt) {
-			log_err("d2i_X509_fp() failed\n");
+			log_err("Failed to d2i_X509_fp key file: %s\n",
+				keyfile);
 			goto out;
 		}
 		pkey = X509_extract_key(crt);
+		X509_free(crt);
 		if (!pkey) {
-			log_err("X509_extract_key() failed\n");
+			log_err("Failed to X509_extract_key key file: %s\n",
+				keyfile);
 			goto out;
 		}
-		key = EVP_PKEY_get1_RSA(pkey);
 	} else {
-		key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
+		pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
+		if (!pkey)
+			log_err("Failed to PEM_read_PUBKEY key file: %s\n",
+				keyfile);
 	}
 
-	if (!key)
-		log_err("PEM_read_RSA_PUBKEY() failed\n");
-
 out:
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	if (crt)
-		X509_free(crt);
+	if (!pkey)
+		output_openssl_errors();
 	fclose(fp);
+	return pkey;
+}
+
+RSA *read_pub_key(const char *keyfile, int x509)
+{
+	EVP_PKEY *pkey;
+	RSA *key;
+
+	pkey = read_pub_pkey(keyfile, x509);
+	if (!pkey)
+		return NULL;
+	key = EVP_PKEY_get1_RSA(pkey);
+	EVP_PKEY_free(pkey);
+	if (!key) {
+		log_err("read_pub_key: unsupported key type\n");
+		output_openssl_errors();
+		return NULL;
+	}
 	return key;
 }
 
-int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile)
+static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+			  unsigned char *sig, int siglen, const char *keyfile)
 {
 	int err, len;
 	SHA_CTX ctx;
@@ -373,7 +383,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
 	unsigned char sighash[20];
 	struct signature_hdr *hdr = (struct signature_hdr *)sig;
 
-	log_info("hash: ");
+	log_info("hash-v1: ");
 	log_dump(hash, size);
 
 	key = read_pub_key(keyfile, 0);
@@ -390,76 +400,179 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
 	err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
 	RSA_free(key);
 	if (err < 0) {
-		log_err("RSA_public_decrypt() failed: %d\n", err);
+		log_err("%s: RSA_public_decrypt() failed: %d\n", file, err);
+		output_openssl_errors();
 		return 1;
 	}
 
 	len = err;
 
 	if (len != sizeof(sighash) || memcmp(out, sighash, len) != 0) {
-		log_err("Verification failed: %d\n", err);
+		log_err("%s: verification failed: %d\n", file, err);
 		return -1;
-	} else {
-		/*log_info("Verification is OK\n");*/
-		printf("Verification is OK\n");
 	}
 
 	return 0;
 }
 
-int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile)
+struct public_key_entry {
+	struct public_key_entry *next;
+	uint32_t keyid;
+	char name[9];
+	EVP_PKEY *key;
+};
+static struct public_key_entry *public_keys = NULL;
+
+static EVP_PKEY *find_keyid(uint32_t keyid)
 {
-	int err, len;
-	unsigned char out[1024];
-	RSA *key;
-	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
-	const struct RSA_ASN1_template *asn1;
+	struct public_key_entry *entry, *tail = public_keys;
+	int i = 1;
 
-	log_info("hash: ");
-	log_dump(hash, size);
-
-	key = read_pub_key(keyfile, 1);
-	if (!key)
-		return 1;
-
-	err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
-	RSA_free(key);
-	if (err < 0) {
-		log_err("RSA_public_decrypt() failed: %d\n", err);
-		return 1;
+	for (entry = public_keys; entry != NULL; entry = entry->next) {
+		if (entry->keyid == keyid)
+			return entry->key;
+		i++;
+		tail = entry;
 	}
 
-	len = err;
-
-	asn1 = &RSA_ASN1_templates[hdr->hash_algo];
-
-	if (len < asn1->size || memcmp(out, asn1->data, asn1->size)) {
-		log_err("Verification failed: %d\n", err);
-		return -1;
+	/* add unknown keys to list */
+	entry = calloc(1, sizeof(struct public_key_entry));
+	if (!entry) {
+		perror("calloc");
+		return 0;
 	}
-
-	len -= asn1->size;
-
-	if (len != size || memcmp(out + asn1->size, hash, len)) {
-		log_err("Verification failed: %d\n", err);
-		return -1;
-	}
-
-	/*log_info("Verification is OK\n");*/
-	printf("Verification is OK\n");
-
+	entry->keyid = keyid;
+	if (tail)
+		tail->next = entry;
+	else
+		public_keys = entry;
+	log_err("key %d: %x (unknown keyid)\n", i, __be32_to_cpup(&keyid));
 	return 0;
 }
 
-int get_hash_algo(const char *algo)
+void init_public_keys(const char *keyfiles)
+{
+	struct public_key_entry *entry;
+	char *tmp_keyfiles, *keyfiles_free;
+	char *keyfile;
+	int i = 1;
+
+	tmp_keyfiles = strdup(keyfiles);
+	keyfiles_free = tmp_keyfiles;
+
+	while ((keyfile = strsep(&tmp_keyfiles, ", \t")) != NULL) {
+		if (!keyfile)
+			break;
+		if ((*keyfile == '\0') || (*keyfile == ' ') ||
+		    (*keyfile == '\t'))
+			continue;
+
+		entry = malloc(sizeof(struct public_key_entry));
+		if (!entry) {
+			perror("malloc");
+			break;
+		}
+
+		entry->key = read_pub_pkey(keyfile, 1);
+		if (!entry->key) {
+			free(entry);
+			continue;
+		}
+
+		calc_keyid_v2(&entry->keyid, entry->name, entry->key);
+		sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid));
+		log_info("key %d: %s %s\n", i++, entry->name, keyfile);
+		entry->next = public_keys;
+		public_keys = entry;
+	}
+	free(keyfiles_free);
+}
+
+/*
+ * Return: 0 verification good, 1 verification bad, -1 error.
+ */
+static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+			  unsigned char *sig, int siglen)
+{
+	int ret = -1;
+	EVP_PKEY *pkey, *pkey_free = NULL;
+	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
+	EVP_PKEY_CTX *ctx;
+	const EVP_MD *md;
+	const char *st;
+
+	if (imaevm_params.verbose > LOG_INFO) {
+		log_info("hash(%s): ", imaevm_params.hash_algo);
+		log_dump(hash, size);
+	}
+
+	pkey = find_keyid(hdr->keyid);
+	if (!pkey) {
+		uint32_t keyid = hdr->keyid;
+
+		log_info("%s: verification failed: unknown keyid %x\n",
+			 file, __be32_to_cpup(&keyid));
+		return -1;
+	}
+
+	st = "EVP_PKEY_CTX_new";
+	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
+		goto err;
+	st = "EVP_PKEY_verify_init";
+	if (!EVP_PKEY_verify_init(ctx))
+		goto err;
+	st = "EVP_get_digestbyname";
+	if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
+		goto err;
+	st = "EVP_PKEY_CTX_set_signature_md";
+	if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
+		goto err;
+	st = "EVP_PKEY_verify";
+	ret = EVP_PKEY_verify(ctx, sig + sizeof(*hdr),
+			      siglen - sizeof(*hdr), hash, size);
+	if (ret == 1)
+		ret = 0;
+	else if (ret == 0) {
+		log_err("%s: verification failed: %d (%s)\n",
+			file, ret, ERR_reason_error_string(ERR_get_error()));
+		output_openssl_errors();
+		ret = 1;
+	}
+err:
+	if (ret < 0 || ret > 1) {
+		log_err("%s: verification failed: %d (%s) in %s\n",
+			file, ret, ERR_reason_error_string(ERR_peek_error()),
+			st);
+		output_openssl_errors();
+		ret = -1;
+	}
+	EVP_PKEY_CTX_free(ctx);
+	EVP_PKEY_free(pkey_free);
+	return ret;
+}
+
+int imaevm_get_hash_algo(const char *algo)
 {
 	int i;
 
+	/* first iterate over builtin algorithms */
 	for (i = 0; i < PKEY_HASH__LAST; i++)
-		if (!strcmp(algo, pkey_hash_algo[i]))
+		if (pkey_hash_algo[i] &&
+		    !strcmp(algo, pkey_hash_algo[i]))
 			return i;
 
-	return PKEY_HASH_SHA1;
+	for (i = 0; i < PKEY_HASH__LAST; i++)
+		if (pkey_hash_algo_kern[i] &&
+		    !strcmp(algo, pkey_hash_algo_kern[i]))
+			return i;
+
+	/* iterate over algorithms provided by kernel-headers */
+	for (i = 0; i < HASH_ALGO__LAST; i++)
+		if (hash_algo_name[i] &&
+		    !strcmp(algo, hash_algo_name[i]))
+			return i;
+
+	return -1;
 }
 
 static int get_hash_algo_from_sig(unsigned char *sig)
@@ -489,39 +602,33 @@ static int get_hash_algo_from_sig(unsigned char *sig)
 		return -1;
 }
 
-int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
+int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig,
+		int siglen)
 {
-	const char *key;
-	int x509;
-	verify_hash_fn_t verify_hash;
-
 	/* Get signature type from sig header */
 	if (sig[0] == DIGSIG_VERSION_1) {
-		verify_hash = verify_hash_v1;
+		const char *key = NULL;
+
 		/* Read pubkey from RSA key */
-		x509 = 0;
+		if (!imaevm_params.keyfile)
+			key = "/etc/keys/pubkey_evm.pem";
+		else
+			key = imaevm_params.keyfile;
+		return verify_hash_v1(file, hash, size, sig, siglen, key);
 	} else if (sig[0] == DIGSIG_VERSION_2) {
-		verify_hash = verify_hash_v2;
-		/* Read pubkey from x509 cert */
-		x509 = 1;
+		return verify_hash_v2(file, hash, size, sig, siglen);
 	} else
 		return -1;
-
-	/* Determine what key to use for verification*/
-	key = params.keyfile ? : x509 ?
-			"/etc/keys/x509_evm.der" :
-			"/etc/keys/pubkey_evm.pem";
-
-	return verify_hash(hash, size, sig, siglen, key);
 }
 
-int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
+int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
+			 unsigned char *digest, int digestlen)
 {
-	unsigned char hash[64];
+	unsigned char hash[MAX_DIGEST_SIZE];
 	int hashlen, sig_hash_algo;
 
 	if (sig[0] != 0x03) {
-		log_err("security.ima has no signature\n");
+		log_err("xattr ima has no signature\n");
 		return -1;
 	}
 
@@ -531,13 +638,21 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
 		return -1;
 	}
 	/* Use hash algorithm as retrieved from signature */
-	params.hash_algo = pkey_hash_algo[sig_hash_algo];
+	imaevm_params.hash_algo = get_hash_algo_by_id(sig_hash_algo);
+
+	/*
+	 * Validate the signature based on the digest included in the
+	 * measurement list, not by calculating the local file digest.
+	 */
+	if (digestlen > 0)
+	    return verify_hash(file, digest, digestlen, sig + 1, siglen - 1);
 
 	hashlen = ima_calc_hash(file, hash);
 	if (hashlen <= 1)
 		return hashlen;
+	assert(hashlen <= sizeof(hash));
 
-	return verify_hash(hash, hashlen, sig + 1, siglen - 1);
+	return verify_hash(file, hash, hashlen, sig + 1, siglen - 1);
 }
 
 /*
@@ -547,6 +662,14 @@ int key2bin(RSA *key, unsigned char *pub)
 {
 	int len, b, offset = 0;
 	struct pubkey_hdr *pkh = (struct pubkey_hdr *)pub;
+	const BIGNUM *n, *e;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	n = key->n;
+	e = key->e;
+#else
+	RSA_get0_key(key, &n, &e, NULL);
+#endif
 
 	/* add key header */
 	pkh->version = 1;
@@ -556,18 +679,18 @@ int key2bin(RSA *key, unsigned char *pub)
 
 	offset += sizeof(*pkh);
 
-	len = BN_num_bytes(key->n);
-	b = BN_num_bits(key->n);
+	len = BN_num_bytes(n);
+	b = BN_num_bits(n);
 	pub[offset++] = b >> 8;
 	pub[offset++] = b & 0xff;
-	BN_bn2bin(key->n, &pub[offset]);
+	BN_bn2bin(n, &pub[offset]);
 	offset += len;
 
-	len = BN_num_bytes(key->e);
-	b = BN_num_bits(key->e);
+	len = BN_num_bytes(e);
+	b = BN_num_bits(e);
 	pub[offset++] = b >> 8;
 	pub[offset++] = b & 0xff;
-	BN_bn2bin(key->e, &pub[offset]);
+	BN_bn2bin(e, &pub[offset]);
 	offset += len;
 
 	return offset;
@@ -584,53 +707,79 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
 	memcpy(keyid, sha1 + 12, 8);
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 8);
-
 	id = __be64_to_cpup((__be64 *) keyid);
 	sprintf(str, "%llX", (unsigned long long)id);
-	log_info("keyid: %s\n", str);
+
+	if (imaevm_params.verbose > LOG_INFO)
+		log_info("keyid-v1: %s\n", str);
 }
 
-void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+/*
+ * Calculate keyid of the public_key part of EVP_PKEY
+ */
+void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
 {
-	uint8_t sha1[SHA_DIGEST_LENGTH];
-	unsigned char *pkey = NULL;
+	X509_PUBKEY *pk = NULL;
+	const unsigned char *public_key = NULL;
 	int len;
 
-	len = i2d_RSAPublicKey(key, &pkey);
+	/* This is more generic than i2d_PublicKey() */
+	if (X509_PUBKEY_set(&pk, pkey) &&
+	    X509_PUBKEY_get0_param(NULL, &public_key, &len, NULL, pk)) {
+		uint8_t sha1[SHA_DIGEST_LENGTH];
 
-	SHA1(pkey, len, sha1);
+		SHA1(public_key, len, sha1);
+		/* sha1[12 - 19] is exactly keyid from gpg file */
+		memcpy(keyid, sha1 + 16, 4);
+	} else
+		*keyid = 0;
 
-	/* sha1[12 - 19] is exactly keyid from gpg file */
-	memcpy(keyid, sha1 + 16, 4);
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 4);
-
 	sprintf(str, "%x", __be32_to_cpup(keyid));
-	log_info("keyid: %s\n", str);
 
-	free(pkey);
+	if (imaevm_params.verbose > LOG_INFO)
+		log_info("keyid: %s\n", str);
+
+	X509_PUBKEY_free(pk);
 }
 
-static RSA *read_priv_key(const char *keyfile, const char *keypass)
+static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass)
 {
 	FILE *fp;
-	RSA *key;
+	EVP_PKEY *pkey;
 
 	fp = fopen(keyfile, "r");
 	if (!fp) {
 		log_err("Failed to open keyfile: %s\n", keyfile);
 		return NULL;
 	}
-	ERR_load_crypto_strings();
-	key = PEM_read_RSAPrivateKey(fp, NULL, NULL, (void *)keypass);
-	if (!key) {
-		char str[256];
-
-		ERR_error_string(ERR_get_error(), str);
-		log_err("PEM_read_RSAPrivateKey() failed: %s\n", str);
+	pkey = PEM_read_PrivateKey(fp, NULL, NULL, (void *)keypass);
+	if (!pkey) {
+		log_err("Failed to PEM_read_PrivateKey key file: %s\n",
+			keyfile);
+		output_openssl_errors();
 	}
 
 	fclose(fp);
+	return pkey;
+}
+
+static RSA *read_priv_key(const char *keyfile, const char *keypass)
+{
+	EVP_PKEY *pkey;
+	RSA *key;
+
+	pkey = read_priv_pkey(keyfile, keypass);
+	if (!pkey)
+		return NULL;
+	key = EVP_PKEY_get1_RSA(pkey);
+	EVP_PKEY_free(pkey);
+	if (!key) {
+		log_err("read_priv_key: unsupported key type\n");
+		output_openssl_errors();
+		return NULL;
+	}
 	return key;
 }
 
@@ -645,7 +794,8 @@ static int get_hash_algo_v1(const char *algo)
 	return -1;
 }
 
-int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig)
+static int sign_hash_v1(const char *hashalgo, const unsigned char *hash,
+			int size, const char *keyfile, unsigned char *sig)
 {
 	int len = -1, hashalgo_idx;
 	SHA_CTX ctx;
@@ -676,10 +826,10 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
 		return -1;
 	}
 
-	log_info("hash: ");
+	log_info("hash(%s): ", hashalgo);
 	log_dump(hash, size);
 
-	key = read_priv_key(keyfile, params.keypass);
+	key = read_priv_key(keyfile, imaevm_params.keypass);
 	if (!key)
 		return -1;
 
@@ -712,6 +862,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
 	len = RSA_private_encrypt(sizeof(sighash), sighash, sig + sizeof(*hdr) + 2, key, RSA_PKCS1_PADDING);
 	if (len < 0) {
 		log_err("RSA_private_encrypt() failed: %d\n", len);
+		output_openssl_errors();
 		goto out;
 	}
 
@@ -719,20 +870,28 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
 	blen = (uint16_t *) (sig + sizeof(*hdr));
 	*blen = __cpu_to_be16(len << 3);
 	len += sizeof(*hdr) + 2;
-	log_info("evm/ima signature: %d bytes\n", len);
+	log_info("evm/ima signature-v1: %d bytes\n", len);
 out:
 	RSA_free(key);
 	return len;
 }
 
-int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig)
+/*
+ * @sig is assumed to be of (MAX_SIGNATURE_SIZE - 1) size
+ * Return: -1 signing error, >0 length of signature
+ */
+static int sign_hash_v2(const char *algo, const unsigned char *hash,
+			int size, const char *keyfile, unsigned char *sig)
 {
 	struct signature_v2_hdr *hdr;
 	int len = -1;
-	RSA *key;
+	EVP_PKEY *pkey;
 	char name[20];
-	unsigned char *buf;
-	const struct RSA_ASN1_template *asn1;
+	EVP_PKEY_CTX *ctx = NULL;
+	const EVP_MD *md;
+	size_t sigsize;
+	const char *st;
+	uint32_t keyid;
 
 	if (!hash) {
 		log_err("sign_hash_v2: hash is null\n");
@@ -754,43 +913,56 @@ int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const ch
 		return -1;
 	}
 
-	log_info("hash: ");
+	log_info("hash(%s): ", imaevm_params.hash_algo);
 	log_dump(hash, size);
 
-	key = read_priv_key(keyfile, params.keypass);
-	if (!key)
+	pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
+	if (!pkey)
 		return -1;
 
 	hdr = (struct signature_v2_hdr *)sig;
 	hdr->version = (uint8_t) DIGSIG_VERSION_2;
 
-	hdr->hash_algo = get_hash_algo(algo);
-
-	calc_keyid_v2(&hdr->keyid, name, key);
-
-	asn1 = &RSA_ASN1_templates[hdr->hash_algo];
-
-	buf = malloc(size + asn1->size);
-	if (!buf)
-		goto out;
-
-	memcpy(buf, asn1->data, asn1->size);
-	memcpy(buf + asn1->size, hash, size);
-	len = RSA_private_encrypt(size + asn1->size, buf, hdr->sig,
-				  key, RSA_PKCS1_PADDING);
-	if (len < 0) {
-		log_err("RSA_private_encrypt() failed: %d\n", len);
-		goto out;
+	hdr->hash_algo = imaevm_get_hash_algo(algo);
+	if (hdr->hash_algo == -1) {
+		log_err("sign_hash_v2: hash algo is unknown: %s\n", algo);
+		return -1;
 	}
 
+	calc_keyid_v2(&keyid, name, pkey);
+	hdr->keyid = keyid;
+
+	st = "EVP_PKEY_CTX_new";
+	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
+		goto err;
+	st = "EVP_PKEY_sign_init";
+	if (!EVP_PKEY_sign_init(ctx))
+		goto err;
+	st = "EVP_get_digestbyname";
+	if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
+		goto err;
+	st = "EVP_PKEY_CTX_set_signature_md";
+	if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
+		goto err;
+	st = "EVP_PKEY_sign";
+	sigsize = MAX_SIGNATURE_SIZE - sizeof(struct signature_v2_hdr) - 1;
+	if (!EVP_PKEY_sign(ctx, hdr->sig, &sigsize, hash, size))
+		goto err;
+	len = (int)sigsize;
+
 	/* we add bit length of the signature to make it gnupg compatible */
 	hdr->sig_size = __cpu_to_be16(len);
 	len += sizeof(*hdr);
 	log_info("evm/ima signature: %d bytes\n", len);
-out:
-	if (buf)
-		free(buf);
-	RSA_free(key);
+
+err:
+	if (len == -1) {
+		log_err("sign_hash_v2: signing failed: (%s) in %s\n",
+			ERR_reason_error_string(ERR_peek_error()), st);
+		output_openssl_errors();
+	}
+	EVP_PKEY_CTX_free(ctx);
+	EVP_PKEY_free(pkey);
 	return len;
 }
 
@@ -798,14 +970,23 @@ out:
 int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig)
 {
 	if (keypass)
-		params.keypass = keypass;
+		imaevm_params.keypass = keypass;
 
-	return params.x509 ? sign_hash_v2(hashalgo, hash, size, keyfile, sig) :
-			     sign_hash_v1(hashalgo, hash, size, keyfile, sig);
+	return imaevm_params.x509 ?
+		sign_hash_v2(hashalgo, hash, size, keyfile, sig) :
+		sign_hash_v1(hashalgo, hash, size, keyfile, sig);
 }
 
 static void libinit()
 {
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	OpenSSL_add_all_algorithms();
+	OPENSSL_add_all_algorithms_conf();
+#else
+
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+			    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
 	ERR_load_crypto_strings();
+#endif
 }