On Fri, 2019-07-19 at 00:35 +0300, Vitaly Chikunov wrote:
> Since we now always call verify_hash_v2() with NULL keyfile (assuming
> all keys are already loaded into public_keys list), remove keyfile
> argument and its handling from verify_hash_v2().
>
> Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
Thanks!
> ---
> src/libimaevm.c | 21 +++++++--------------
> 1 file changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 97b7167..b153f1b 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -453,7 +453,7 @@ void init_public_keys(const char *keyfiles)
> * Return: 0 verification good, 1 verification bad, -1 error.
> */
> int verify_hash_v2(const char *file, const unsigned char *hash, int size,
> - unsigned char *sig, int siglen, const char *keyfile)
> + unsigned char *sig, int siglen)
> {
While making this change, could we also make both this and
verify_hash_v1() functions static? Should I make the change?
Mimi
> int ret = -1;
> EVP_PKEY *pkey, *pkey_free = NULL;
> @@ -467,20 +467,13 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
> log_dump(hash, size);
> }
>
> - if (public_keys) {
> + pkey = find_keyid(hdr->keyid);
> + if (!pkey) {
> uint32_t keyid = hdr->keyid;
>
> - pkey = find_keyid(keyid);
> - if (!pkey) {
> - log_err("%s: unknown keyid: %x\n", file,
> - __be32_to_cpup(&keyid));
> - return -1;
> - }
> - } else {
> - pkey = read_pub_pkey(keyfile, 1);
> - if (!pkey)
> - return -1;
> - pkey_free = pkey;
> + log_err("%s: unknown keyid: %x\n", file,
> + __be32_to_cpup(&keyid));
> + return -1;
> }
>
> st = "EVP_PKEY_CTX_new";
> @@ -581,7 +574,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
> key = "/etc/keys/pubkey_evm.pem";
> return verify_hash_v1(file, hash, size, sig, siglen, key);
> } else if (sig[0] == DIGSIG_VERSION_2) {
> - return verify_hash_v2(file, hash, size, sig, siglen, NULL);
> + return verify_hash_v2(file, hash, size, sig, siglen);
> } else
> return -1;
> }
