On Fri, Jun 25, 2021 at 08:22:06AM -0400, Mimi Zohar wrote:
> On Tue, 2021-05-11 at 14:56 +0300, Vitaly Chikunov wrote:
> >
> > +/**
> > + * imaevm_read_keyid() - Read 32-bit keyid from the cert file.
> > + * @certfile: File possibly containing certificate in DER/PEM format.
> > + *
> > + * Try to read keyid from Subject Key Identifier (SKID) of certificate.
> > + * Autodetect if cert is in PEM or DER encoding.
> > + *
> > + * Return: 0 on error;
> > + * 32-bit keyid as unsigned integer in host order.
> > + */
> > +uint32_t imaevm_read_keyid(const char *certfile)
> > +{
> > + uint32_t keyid_raw = 0;
> > +
> > + __read_keyid(&keyid_raw, certfile, KEYID_FILE_UNK_CERT);
> > + return ntohl(keyid_raw);
>
> On error, __read_keyid() returns < 0, but the return value isn't
> checked before calling ntohl.
It does not need to be checked, because it also does not change value
pointed by `&keyid_raw' (which is 0 by default). Yes, this is not
mentioned in the `__read_keyid' description. But, otherwise (to change
pointed value on error) would be a bug.
> In either case, is imaevm_params.keyid
> suppose to be big endian byte order?
No, it's in native order. This looked reasonable, since it could be
presented to the user as a hex number.
Thanks,
> If so, the call to htonl in
> sign_hash_v2() would be unnecessary.
>
> thanks,
>
> Mimi
