[PATCH 2/2] ima_evm_utils: limit duplicate "Failed to open keyfile" messages


 



Unlike the user-provided list of public keys, we don't know which
default public key file to use until verify_hash().  As a result, the
"Failed to open keyfile" message may be repeated multiple times.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 src/libimaevm.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 472ab53c7b42..793643331f4b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -296,18 +296,49 @@ err:
 	return err;
 }
 
+/*
+ * Keep track of missing keyfile names.
+ *
+ * Return 1 for found, return 0 for not found.
+ */
+static int lookup_keyfile_name(const char *keyfile_name)
+{
+	struct keyfile_name_entry {
+		struct keyfile_name_entry *next;
+		char name[];
+	} *entry;
+	static struct keyfile_name_entry *keyfile_names = NULL;
+
+	for (entry = keyfile_names; entry != NULL; entry = entry->next) {
+		if (strcmp(entry->name, keyfile_name) == 0)
+			return 1;
+	}
+
+	entry = malloc(sizeof(struct keyfile_name_entry) +
+			strlen(keyfile_name) + 1);
+	if (entry) {
+		strcpy(entry->name, keyfile_name);
+		entry->next = keyfile_names;
+		keyfile_names = entry;
+	}
+	return 0;
+}
+
 EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
 {
 	FILE *fp;
 	X509 *crt = NULL;
 	EVP_PKEY *pkey = NULL;
+	int found;
 
 	if (!keyfile)
 		return NULL;
 
 	fp = fopen(keyfile, "r");
 	if (!fp) {
-		log_err("Failed to open keyfile: %s\n", keyfile);
+		found = lookup_keyfile_name(keyfile);
+		if (!found)
+			log_err("Failed to open keyfile: %s\n", keyfile);
 		return NULL;
 	}
 
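Review bot: lookup_keyfile_name() inserts into the function-static `keyfile_names` list with no locking and never frees or caps it, so if read_pub_pkey() is called from more than one thread the list update is a data race, and every distinct missing path costs an allocation held until process exit. Whether libimaevm is used multi-threaded is not visible from this hunk; if only single-threaded use is intended, the header comment should say so and also mention the insert-on-miss side effect, e.g. `Not thread-safe; records keyfile_name on a miss, and entries live until process exit.` Suppression is keyed on the name alone for the life of the process, so a later failure on the same path for a different reason (for instance a permission change on the key file) is never logged; saving `errno` right after `fopen()` and adding `strerror()` of it to the message would at least record the first cause. read_pub_pkey()'s body continues past the end of the hunk.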
-- 
2.7.5



