From 3299fba40dbf468952e932fc111573dec5ab4a01 Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Fri, 24 Jan 2014 14:48:02 +0200
Subject: [PATCH] Move signature version checking to verify_hash()
Signed-off-by: Dmitry Kasatkin
---
 src/libevm.c | 24 +++++++++++++-----------
 src/libevm.h | 1 +
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/libevm.c b/src/libevm.c
index 257e009..267f7c6 100644
--- a/src/libevm.c
+++ b/src/libevm.c
@@ -460,6 +460,19 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
 {
 char *key;
+ /* Get signature type from sig header if user did not enforce it */
+ if (!params.user_sig_type) {
+ if (sig[0] == DIGSIG_VERSION_1) {
+ params.verify_hash = verify_hash_v1;
+ /* Read pubkey from RSA key */
+ params.x509 = 0;
+ } else if (sig[0] == DIGSIG_VERSION_2) {
+ params.verify_hash = verify_hash_v2;
+ /* Read pubkey from x509 cert */
+ params.x509 = 1;
+ }
+ }
+
 /* Determine what key to use for verification*/
 key = params.keyfile ? :
 params.x509 ? "/etc/keys/x509_evm.der" :
@@ -493,16 +506,5 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
 if (hashlen <= 1)
 return hashlen;
- /* Get signature type from sig header if user did not enforce it */
- if (!params.user_sig_type) {
- if (sig[1] == DIGSIG_VERSION_1)
- params.verify_hash = verify_hash_v1;
- else if (sig[1] == DIGSIG_VERSION_2) {
- params.verify_hash = verify_hash_v2;
- /* Read pubkey from x509 cert */
- params.x509 = 1;
- }
- }
-
 return verify_hash(hash, hashlen, sig + 1, siglen - 1);
 }
diff --git a/src/libevm.h b/src/libevm.h
index 17a522b..91b4d76 100644
--- a/src/libevm.h
+++ b/src/libevm.h
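Review bot: An unknown signature type byte is silently accepted by the new block in verify_hash: when `sig[0]` is neither DIGSIG_VERSION_1 nor DIGSIG_VERSION_2, neither branch runs and `params.verify_hash`/`params.x509` keep whatever they held before, so such a signature is checked with whichever verifier a previous call selected (or through an unset function pointer if none was). The `if/else if` should end with an explicit rejection, e.g. `} else { return -1; }`, using whatever error convention verify_hash's other returns follow. `sig[0]` is also read before any length check visible in this hunk, and ima_verify_signature hands in `siglen - 1`, so a guard such as `if (siglen < 1) return -1;` ahead of the type dispatch looks warranted unless one exists outside the hunk. Since the selection now happens inside a function the header exports, a comment on the block saying it mutates global `params` would help callers. The body of verify_hash continues past the end of this hunk.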
@@ -152,6 +152,7 @@ RSA *read_pub_key(const char *keyfile);
 int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
 int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
+int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
 int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
 #endif
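Review bot: The new verify_hash prototype is exported without saying what `sig` must look like, which matters because the implementation in libevm.c dispatches on `sig[0]` as the DIGSIG version byte while ima_verify_signature passes `sig + 1` after stripping its own leading byte. A short comment above the declaration would prevent the next caller from passing the unstripped buffer, e.g. `/* sig[0] must be the DIGSIG version byte; unless params.user_sig_type is set, this overwrites params.verify_hash and params.x509 based on it */`. Whether a zero siglen is handled by the callee is not visible from the header, so the comment should state the minimum length once that is settled.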