Re: [PATCH v2 1/3] ima-evm-utils: Allow manual setting keyid for signing

Stefan,

On Tue, May 04, 2021 at 08:51:03AM -0400, Stefan Berger wrote:
> > @@ -932,8 +932,10 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
> >   		return -1;
> >   	}
> > -	calc_keyid_v2(&keyid, name, pkey);
> > -	hdr->keyid = keyid;
> > +	if (imaevm_params.keyid)
> > +		hdr->keyid = htonl(imaevm_params.keyid);
> 
> 
> Nit: Since existing code uses __be32_to_cpup I would use __cpu_to_be32 here.

That __be32_to_cpup usage is highly dubious. Perhaps it should be
converted to some user-space and standard functions like be32toh(3).

Even in the kernel you should use be32_to_cpup, not __be32_to_cpup.
The "__" prefix is for a reason.

Thanks,

> 
> 
> > +	else
> > +		calc_keyid_v2(&hdr->keyid, name, pkey);
> >   	st = "EVP_PKEY_CTX_new";
> >   	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
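
Review bot: In the `if (imaevm_params.keyid)` branch the value goes through htonl(), while the else branch stores whatever calc_keyid_v2() writes into hdr->keyid, so the two paths only agree if calc_keyid_v2() already yields a big-endian value; a short comment at the assignment stating that hdr->keyid is kept big-endian would make that explicit. The same test also uses 0 as the "not set" marker, so a key id of 0 can never be requested manually, which is worth stating where the option is documented.
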
> > diff --git a/tests/sign_verify.test b/tests/sign_verify.test
> > index 288e133..2c21812 100755
> > --- a/tests/sign_verify.test
> > +++ b/tests/sign_verify.test
> > @@ -359,6 +359,7 @@ sign_verify  rsa1024  sha256  0x0301 --rsa
> >   sign_verify  rsa1024  md5     0x030201:K:0080
> >   sign_verify  rsa1024  sha1    0x030202:K:0080
> >   sign_verify  rsa1024  sha224  0x030207:K:0080
> > +expect_pass check_sign TYPE=ima KEY=rsa1024 ALG=sha256 PREFIX=0x030204aabbccdd0080 OPTS=--keyid=aabbccdd
> >   sign_verify  rsa1024  sha256  0x030204:K:0080
> >     try_different_keys
> >     try_different_sigs
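
Review bot: The added `expect_pass check_sign ... OPTS=--keyid=aabbccdd` line is the only coverage for the new option and exercises a single key and algorithm on the success path. Consider adding a case where the argument is malformed (non-hex, or longer than 32 bits) and is expected to fail, so that the option's input validation is pinned down by the test suite as well as the byte order checked through PREFIX.
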
> 
> 
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
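
The byte layout that the `PREFIX=0x030204aabbccdd0080` test line checks, as an added example that is not part of the original message or of ima-evm-utils. The function names and the reading of the prefix fields (type byte, version, hash algorithm, 32-bit key id, 16-bit signature size) are assumptions taken from the test prefixes quoted above.

```c
/* Added example, not ima-evm-utils code: all names below are hypothetical. */
#include <arpa/inet.h>   /* htonl, ntohl, htons */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_LEN 9     /* type(1) version(1) hash_algo(1) keyid(4) sig_size(2) */

/* Serialize the prefix; keyid is given in host order, e.g. parsed from --keyid. */
static void put_prefix(uint8_t out[PREFIX_LEN], uint8_t hash_algo,
                       uint32_t keyid_host, uint16_t sig_size_host)
{
	uint32_t keyid_be = htonl(keyid_host);
	uint16_t size_be = htons(sig_size_host);

	out[0] = 0x03;              /* leading type byte seen in the test prefixes */
	out[1] = 0x02;              /* signature format version 2 */
	out[2] = hash_algo;         /* 0x04 is sha256 in the test prefixes */
	memcpy(out + 3, &keyid_be, sizeof(keyid_be));  /* memcpy: offset 3 is unaligned */
	memcpy(out + 7, &size_be, sizeof(size_be));
}

/* Read the key id back as a host-order number (the be32toh(3) direction). */
static uint32_t get_keyid(const uint8_t in[PREFIX_LEN])
{
	uint32_t keyid_be;
	memcpy(&keyid_be, in + 3, sizeof(keyid_be));
	return ntohl(keyid_be);
}

/* Returns 1 when the serialized bytes equal the PREFIX from the test line. */
static int matches_test_prefix(uint32_t keyid_host)
{
	static const uint8_t expected[PREFIX_LEN] = { 0x03, 0x02, 0x04, 0xaa, 0xbb, 0xcc, 0xdd, 0x00, 0x80 };
	uint8_t buf[PREFIX_LEN];
	put_prefix(buf, 0x04, keyid_host, 0x0080);
	return memcmp(buf, expected, PREFIX_LEN) == 0;
}

int main(void)
{
	uint8_t buf[PREFIX_LEN];
	put_prefix(buf, 0x04, 0xaabbccdd, 0x0080);
	for (int i = 0; i < PREFIX_LEN; i++)
		printf("%02x", buf[i]);
	printf("\nkeyid read back: %08x\n", (unsigned)get_keyid(buf));
	return matches_test_prefix(0xaabbccdd) ? 0 : 1;
}
```

A key id passed in with its bytes swapped (0xddccbbaa) no longer matches the prefix, which is the kind of mismatch the byte-order conversion under discussion prevents.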


