From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: [PATCH 2/3] ima-evm-utils: Remove not needed argument from verify_hash_v2
Date: Fri, 19 Jul 2019 00:35:09 +0300 [thread overview]
Message-ID: <20190718213510.10829-2-vt@altlinux.org> (raw)
In-Reply-To: <20190718213510.10829-1-vt@altlinux.org>
Since we now always call verify_hash_v2() with NULL keyfile (assuming
all keys are already loaded into public_keys list), remove keyfile
argument and its handling from verify_hash_v2().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
src/libimaevm.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 97b7167..b153f1b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -453,7 +453,7 @@ void init_public_keys(const char *keyfiles)
* Return: 0 verification good, 1 verification bad, -1 error.
*/
int verify_hash_v2(const char *file, const unsigned char *hash, int size,
- unsigned char *sig, int siglen, const char *keyfile)
+ unsigned char *sig, int siglen)
{
int ret = -1;
EVP_PKEY *pkey, *pkey_free = NULL;
@@ -467,20 +467,13 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
log_dump(hash, size);
}
- if (public_keys) {
+ pkey = find_keyid(hdr->keyid);
+ if (!pkey) {
uint32_t keyid = hdr->keyid;
- pkey = find_keyid(keyid);
- if (!pkey) {
- log_err("%s: unknown keyid: %x\n", file,
- __be32_to_cpup(&keyid));
- return -1;
- }
- } else {
- pkey = read_pub_pkey(keyfile, 1);
- if (!pkey)
- return -1;
- pkey_free = pkey;
+ log_err("%s: unknown keyid: %x\n", file,
+ __be32_to_cpup(&keyid));
+ return -1;
}
st = "EVP_PKEY_CTX_new";
@@ -581,7 +574,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
key = "/etc/keys/pubkey_evm.pem";
return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) {
- return verify_hash_v2(file, hash, size, sig, siglen, NULL);
+ return verify_hash_v2(file, hash, size, sig, siglen);
} else
return -1;
}
--
2.11.0
next prev parent reply other threads:[~2019-07-18 21:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-18 21:35 [PATCH 1/3] ima-evm-utils: Remove indirect call to subfunctions in verify_hash Vitaly Chikunov
2019-07-18 21:35 ` Vitaly Chikunov [this message]
2019-07-18 23:23 ` [PATCH 2/3] ima-evm-utils: Remove not needed argument from verify_hash_v2 Mimi Zohar
2019-07-18 23:26 ` Vitaly Chikunov
2019-07-18 21:35 ` [PATCH 3/3] ima-evm-utils: Improve OpenSSL error reporting Vitaly Chikunov
2019-07-18 23:23 ` Mimi Zohar
2019-07-18 23:24 ` [PATCH 1/3] ima-evm-utils: Remove indirect call to subfunctions in verify_hash Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190718213510.10829-2-vt@altlinux.org \
--to=vt@altlinux.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).