From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Make sure that the function name in the error message corresponds to the
actual function called.
Rename mdlen and hash respectively to siglen and sig. Also, initialize
siglen to the size of sig (MAX_DIGEST_SIZE), as this is recommended in the
documentation of EVP_DigestSignFinal().
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
src/evmctl.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0ac7930da6f2..91b531c9e01e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1184,9 +1184,9 @@ static int cmd_setxattr_ima(struct command *cmd)
#define MAX_KEY_SIZE 128
-static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *hash)
+static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *sig)
{
- size_t mdlen;
+ size_t siglen = MAX_DIGEST_SIZE;
EVP_MD_CTX *pctx;
EVP_PKEY *pkey = NULL;
struct stat st;
@@ -1260,7 +1260,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, evmkey, sizeof(evmkey));
if (!pkey) {
- log_err("HMAC_Init() failed\n");
+ log_err("EVP_PKEY_new_mac_key() failed\n");
goto out;
}
@@ -1326,12 +1326,12 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
err = EVP_DigestSignUpdate(pctx, &hmac_misc, hmac_size);
if (err != 1) {
- log_err("HMAC_Update() failed\n");
+ log_err("EVP_DigestSignUpdate() failed\n");
goto out_ctx_cleanup;
}
- err = EVP_DigestSignFinal(pctx, hash, &mdlen);
+ err = EVP_DigestSignFinal(pctx, sig, &siglen);
if (err != 1)
- log_err("HMAC_Final() failed\n");
+ log_err("EVP_DigestSignFinal() failed\n");
out_ctx_cleanup:
EVP_PKEY_free(pkey);
#if OPENSSL_VERSION_NUMBER >= 0x10100000
@@ -1340,7 +1340,7 @@ out_ctx_cleanup:
out:
free(key);
if (err == 1)
- return mdlen;
+ return siglen;
return err;
}
--
2.25.1
