From b49e2251a082f308ed66a165856442b2eec3edf0 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 12 Jul 2013 14:52:09 -0400 Subject: [PATCH] Let user specified hash algo take precedence After applying previous patch, we will always get hash algo info from signature and if user specified one on command line, that will be overridden. This is like breaking old behavior. So keep track whether user specified hash algo on command line or not. If user did not specify one then get hash algo info from signature otherwise use the one user provided. Signed-off-by: Vivek Goyal
---
 src/evmctl.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0682462..af681f8 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -245,6 +245,7 @@ static int sigdump;
 static int digest;
 static int digsig;
 static const char *hash_algo = "sha1";
+static int user_hash_algo;
 static char *keypass;
 static int sigfile;
 static int modsig;
@@ -1228,7 +1229,7 @@ static int cmd_verify_evm(struct command *cmd)
 return verify_evm(file, key);
 }
-static uint8_t get_hash_algo_from_sig(unsigned char *sig)
+static int get_hash_algo_from_sig(unsigned char *sig)
 {
 uint8_t hashalgo;
@@ -1283,14 +1284,17 @@ static int verify_ima(const char *file, const char *key)
 return -1;
 }
- sig_hash_algo = get_hash_algo_from_sig(sig + 1);
- if (sig_hash_algo < 0) {
- log_err("Invalid signature\n");
- return -1;
- }
- /* Use hash algorithm as retrieved from signature */
- hash_algo = pkey_hash_algo[sig_hash_algo];
+ /* If user specified an hash algo on command line, let it override */
+ if (!user_hash_algo) {
+ sig_hash_algo = get_hash_algo_from_sig(sig + 1);
+ if (sig_hash_algo < 0) {
+ log_err("Invalid signature\n");
+ return -1;
+ }
+ /* Use hash algorithm as retrieved from signature */
+ hash_algo = pkey_hash_algo[sig_hash_algo];
+ }
 hashlen = calc_hash(file, hash);
 if (hashlen <= 1)
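Review bot: The widened `int` return of get_hash_algo_from_sig carries a contract that verify_ima depends on but that is written down nowhere: the result is compared with `< 0` and then used directly as an index into `pkey_hash_algo[]`. If that is the intended contract, a comment above the function would pin it, for example `/* Returns an index into pkey_hash_algo[], or a negative value if the signature header is not recognised. */`. The body lies outside this hunk, so it cannot be confirmed here that the algorithm byte read from the signature is compared with the number of entries in `pkey_hash_algo` before it is returned; that bound is what keeps the later table lookup in range for a crafted signature.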
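Review bot: When `-a` is given, the new `if (!user_hash_algo)` block also skips the `get_hash_algo_from_sig()` call and its "Invalid signature" rejection, so a signature with a malformed header is no longer refused at this point in verify_ima. Only the assignment needs to be conditional: keep the parse and the `< 0` check unconditional and guard the last step as `if (!user_hash_algo) hash_algo = pkey_hash_algo[sig_hash_algo];`. That also makes it possible to log when the command-line algorithm differs from the one recorded in the signature, which otherwise surfaces only as a verification failure. verify_ima starts and ends outside the hunk, so whether later code re-validates the header is not visible here.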
@@ -1688,6 +1692,7 @@ int main(int argc, char *argv[])
 break;
 case 'a':
 hash_algo = optarg;
+ user_hash_algo = 1;
 break;
 case 'p':
 keypass = optarg;