Since we now always call verify_hash_v2() with NULL keyfile (assuming
all keys are already loaded into public_keys list), remove keyfile
argument and its handling from verify_hash_v2().
Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
---
src/libimaevm.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 97b7167..b153f1b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -453,7 +453,7 @@ void init_public_keys(const char *keyfiles)
* Return: 0 verification good, 1 verification bad, -1 error.
*/
int verify_hash_v2(const char *file, const unsigned char *hash, int size,
- unsigned char *sig, int siglen, const char *keyfile)
+ unsigned char *sig, int siglen)
{
int ret = -1;
EVP_PKEY *pkey, *pkey_free = NULL;
@@ -467,20 +467,13 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
log_dump(hash, size);
}
- if (public_keys) {
+ pkey = find_keyid(hdr->keyid);
+ if (!pkey) {
uint32_t keyid = hdr->keyid;
- pkey = find_keyid(keyid);
- if (!pkey) {
- log_err("%s: unknown keyid: %x\n", file,
- __be32_to_cpup(&keyid));
- return -1;
- }
- } else {
- pkey = read_pub_pkey(keyfile, 1);
- if (!pkey)
- return -1;
- pkey_free = pkey;
+ log_err("%s: unknown keyid: %x\n", file,
+ __be32_to_cpup(&keyid));
+ return -1;
}
st = "EVP_PKEY_CTX_new";
@@ -581,7 +574,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
key = "/etc/keys/pubkey_evm.pem";
return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) {
- return verify_hash_v2(file, hash, size, sig, siglen, NULL);
+ return verify_hash_v2(file, hash, size, sig, siglen);
} else
return -1;
}
--
2.11.0
