Re: [PATCH v5 06/11] ima-evm-utils: Start converting find_keyid to use EVP_PKEY API


 



On Tue, 2019-06-18 at 16:56 +0300, Vitaly Chikunov wrote:
> New find_keyid_pkey() accepts EVP_PKEY. Old find_keyid() calls
> find_keyid_pkey(), but still returns RSA key.
> 
> Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>

With titles starting with "Start converting", it leaves me wondering
whether these patches are bisect safe.  Does this patch make
find_keyid() a wrapper for find_keyid_pkey()?  Do all callers of
find_keyid() continue to work properly?  If so, why are there other
changes in this patch?

If you haven't already, please make sure that after each patch is
applied, the code not only compiles cleanly, but works properly.

Mimi

> ---
>  src/libimaevm.c | 24 ++++++++++++++++++++----
>  1 file changed, 20 insertions(+), 4 deletions(-)
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 707b2e9..ae18005 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -452,11 +452,11 @@ struct public_key_entry {
>  	struct public_key_entry *next;
>  	uint32_t keyid;
>  	char name[9];
> -	RSA *key;
> +	EVP_PKEY *key;
>  };
>  static struct public_key_entry *public_keys = NULL;
> 
> -static RSA *find_keyid(uint32_t keyid)
> +static EVP_PKEY *find_keyid_pkey(uint32_t keyid)
>  {
>  	struct public_key_entry *entry;
> 
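Review bot: find_keyid_pkey() is missing a comment on ownership of its return value. With `key` in struct public_key_entry now an EVP_PKEY *, the function appears to hand back a pointer held by the public_keys list, and nothing in the signature tells a caller that it must not call EVP_PKEY_free() on it. A one-line comment above the function stating that the pointer is borrowed from the list would make that contract explicit for the callers that get converted later in the series.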
> @@ -467,6 +467,22 @@ static RSA *find_keyid(uint32_t keyid)
>  	return NULL;
>  }
> 
> +static RSA *find_keyid(uint32_t keyid)
> +{
> +	EVP_PKEY *pkey;
> +	RSA *key;
> +
> +	pkey = find_keyid_pkey(keyid);
> +	if (!pkey)
> +		return NULL;
> +	key = EVP_PKEY_get0_RSA(pkey);
> +	if (!key) {
> +		log_err("find_keyid: unsupported key type\n");
> +		return NULL;
> +	}
> +	return key;
> +}
> +
>  void init_public_keys(const char *keyfiles)
>  {
>  	struct public_key_entry *entry;
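Review bot: in the new find_keyid() wrapper, EVP_PKEY_get0_RSA() does not take a reference, so the returned RSA * stays owned by the EVP_PKEY in the public_keys list and must not be passed to RSA_free() by any remaining caller. Please say so in a comment and confirm it against each existing caller of find_keyid(), since that is what decides whether this step of the conversion is bisect safe. Separately, the log_err("find_keyid: unsupported key type\n") message does not include the keyid; printing it (for example with "%x") would show which loaded key was rejected.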
> @@ -489,13 +505,13 @@ void init_public_keys(const char *keyfiles)
>  			break;
>  		}
> 
> -		entry->key = read_pub_key(keyfile, 1);
> +		entry->key = read_pub_pkey(keyfile, 1);
>  		if (!entry->key) {
>  			free(entry);
>  			continue;
>  		}
> 
> -		calc_keyid_v2(&entry->keyid, entry->name, entry->key);
> +		calc_pkeyid_v2(&entry->keyid, entry->name, entry->key);
>  		sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid));
>  		log_info("key %d: %s %s\n", i++, entry->name, keyfile);
>  		entry->next = public_keys;
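Review bot: in init_public_keys(), switching to read_pub_pkey() means an entry is added to public_keys for whatever key type that function returns, while find_keyid() in this same patch rejects anything that is not RSA only at lookup time. If read_pub_pkey() can return a non-RSA key, that key is logged as loaded ("key %d: %s %s") but then fails with "unsupported key type" when it is used. Either reject non-RSA keys here until all callers use find_keyid_pkey(), or note the intermediate behaviour in the commit message. The call to calc_pkeyid_v2() is also used without any check of its result; if it can fail (its definition is not in these hunks), the entry should be dropped the same way as the `!entry->key` case above it.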



