On Tue, 2021-05-11 at 14:56 +0300, Vitaly Chikunov wrote:
> > +/** > + * imaevm_read_keyid() - Read 32-bit keyid from the cert file. > + * @certfile: File possibly containing certificate in DER/PEM format. > + * > + * Try to read keyid from Subject Key Identifier (SKID) of certificate. > + * Autodetect if cert is in PEM or DER encoding. > + * > + * Return: 0 on error; > + * 32-bit keyid as unsigned integer in host order. > + */ > +uint32_t imaevm_read_keyid(const char *certfile) > +{ > + uint32_t keyid_raw = 0; > + > + __read_keyid(&keyid_raw, certfile, KEYID_FILE_UNK_CERT); > + return ntohl(keyid_raw);

On error, __read_keyid() returns < 0, but the return value isn't checked before calling ntohl. In either case, is imaevm_params.keyid supposed to be big endian byte order? If so, the call to htonl in sign_hash_v2() would be unnecessary.

thanks,

Mimi
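Review bot: In imaevm_read_keyid() the result of the __read_keyid() call is discarded, so the documented "Return: 0 on error" holds only if __read_keyid() never writes to keyid_raw on a failing path, which these lines do not guarantee. Checking the call explicitly, for example `if (__read_keyid(&keyid_raw, certfile, KEYID_FILE_UNK_CERT) < 0) return 0;`, makes the contract independent of the helper's internals. The kernel-doc should also say that the value read from the SKID is converted with ntohl() before being returned, so callers that store it know not to apply a second byte-order conversion, and that a return of 0 cannot be told apart from a certificate whose keyid is actually 0.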