Each tima a new unknown key is encountered, emit a message of the format "key #: <keyid> unknown". The individual files using unknown keys are then only logged in verbose mode.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 src/libimaevm.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 43eb4ef2412c..d2194a6ca0f8 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;

 static EVP_PKEY *find_keyid(uint32_t keyid)
 {
- struct public_key_entry *entry;
+ struct public_key_entry *entry, *tail = public_keys;
+ int i = 1;

 for (entry = public_keys; entry != NULL; entry = entry->next) {
 if (entry->keyid == keyid)
 return entry->key;
+ i++;
+ tail = entry;
 }
- return NULL;
+
+ /* add unknown keys to list */
+ entry = calloc(1, sizeof(struct public_key_entry));
+ if (!entry) {
+ perror("calloc");
+ return 0;
+ }
+ entry->keyid = keyid;
+ tail->next = entry;
+ log_err("key %d: %x unknown\n", i, __be32_to_cpup(&keyid));
+ return 0;
 }

 void init_public_keys(const char *keyfiles)
@@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,

 pkey = find_keyid(keyid);
 if (!pkey) {
- log_err("%s: unknown keyid: %x\n",
- file, __be32_to_cpup(&keyid));
+ log_info("%s: unknown keyid: %x\n",
+ file, __be32_to_cpup(&keyid));
 return -1;
 }

--
2.7.5
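Review bot: In find_keyid, `tail->next = entry;` dereferences NULL when the key list is empty, because `tail` starts as `public_keys` (NULL per the declaration just above the hunk) and the loop never assigns it in that case. Unless every caller guarantees at least one loaded key (not visible here), guard the append, e.g. `if (tail) tail->next = entry; else public_keys = entry;`, or skip the caching when the list is empty if other code tests `public_keys` for "keys were loaded". The key id appears to come from the signature being verified, so each distinct unknown value adds a node that is never freed and lengthens every later linear lookup; a cap on remembered unknown ids would bound that. The two new `return 0;` would read better as `return NULL;`, matching the line they replace.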
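Review bot: After this hunk a file that fails in verify_hash_v2 with `return -1` is named only at info level, and find_keyid reports each unknown key id once, so later files signed with the same key fail with no default-level output unless the caller prints its own per-file result (not visible here). An allocation failure inside find_keyid also lands in this branch and is labelled "unknown keyid". A comment above the call would record the intent, e.g. `/* find_keyid() logs each unknown key id once; per-file detail is verbose-only */`. verify_hash_v2 begins and ends outside the hunk.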