Replace calling init_public_keys() with the init_public_keys2() version. Similarly replace verify_hash() with the verify_hash2() version. Update the static function verify_evm() definition to include a "public_keys" parameter. Free the local public keys list.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 src/evmctl.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index bf1f8f07e9ca..f796edfce5f1 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -905,7 +905,7 @@ static int cmd_sign_evm(struct command *cmd)
 return do_cmd(cmd, sign_evm_path);
 }
-static int verify_evm(const char *file)
+static int verify_evm(void *public_keys, const char *file)
 {
 unsigned char hash[MAX_DIGEST_SIZE];
 unsigned char sig[MAX_SIGNATURE_SIZE];
@@ -945,12 +945,14 @@ static int verify_evm(const char *file)
 return mdlen;
 assert(mdlen <= sizeof(hash));
- return verify_hash(file, hash, mdlen, sig, len);
+ return verify_hash2(public_keys, file, imaevm_params.hash_algo,
+ hash, mdlen, sig, len);
 }
 static int cmd_verify_evm(struct command *cmd)
 {
 char *file = g_argv[optind++];
+ void *public_keys = NULL;
 int err;
 if (!file) {
@@ -961,14 +963,17 @@ static int cmd_verify_evm(struct command *cmd)
 if (imaevm_params.x509) {
 if (imaevm_params.keyfile) /* Support multiple public keys */
- init_public_keys(imaevm_params.keyfile);
+ init_public_keys2(imaevm_params.keyfile, &public_keys);
 else /* assume read pubkey from x509 cert */
- init_public_keys("/etc/keys/x509_evm.der");
+ init_public_keys2("/etc/keys/x509_evm.der",
+ &public_keys);
 }
- err = verify_evm(file);
+ err = verify_evm(public_keys, file);
 if (!err && imaevm_params.verbose >= LOG_INFO)
 log_info("%s: verification is OK\n", file);
+
+ free_public_keys(public_keys);
 return err;
 }
--
2.39.3
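Review bot: The new first parameter in the first hunk, `void *public_keys`, gives the compiler nothing to check: because `void *` converts implicitly to and from `const char *`, a call with the two arguments swapped would compile without a diagnostic. If the library header can expose an incomplete struct type for the key list (its definition is not visible in this diff), using that type here and for the `void *public_keys = NULL;` local in cmd_verify_evm() (second hunk) would keep the list opaque while restoring type checking. The body of verify_evm() continues outside the hunk.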
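Review bot: Both init_public_keys2() calls in the third hunk discard the result, so a keyfile that cannot be opened or parsed goes unnoticed and verify_evm() runs with whatever the list holds, possibly still NULL. If init_public_keys2() returns a status (its prototype is not in this diff), capture and check it before verifying, e.g. `err = init_public_keys2(imaevm_params.keyfile, &public_keys);` followed by `if (err) goto out;`, with an `out:` label placed just before `free_public_keys(public_keys);`. Whether a failed load currently fails closed depends on verify_hash2(), which is not shown, and an explicit error also tells the operator that the key could not be loaded rather than reporting a bad signature. When imaevm_params.x509 is unset the list stays NULL, so it is worth confirming that verify_hash2() and free_public_keys() both accept a NULL list.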