Replace calling init_public_keys() with the imaevm_init_public_keys() version. Similarly replace verify_hash() with the imaevm_verify_hash() version. Update the static function verify_evm() definition to include a "public_keys" parameter. Free the local public keys list.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 src/evmctl.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 3ae79262efbb..06cdffdd3755 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -905,7 +905,7 @@ static int cmd_sign_evm(struct command *cmd)
 return do_cmd(cmd, sign_evm_path);
 }
-static int verify_evm(const char *file)
+static int verify_evm(void *public_keys, const char *file)
 {
 unsigned char hash[MAX_DIGEST_SIZE];
 unsigned char sig[MAX_SIGNATURE_SIZE];
@@ -945,12 +945,14 @@ static int verify_evm(const char *file)
 return mdlen;
 assert(mdlen <= sizeof(hash));
- return verify_hash(file, hash, mdlen, sig, len);
+ return imaevm_verify_hash(public_keys, file, imaevm_params.hash_algo,
+ hash, mdlen, sig, len);
 }
 static int cmd_verify_evm(struct command *cmd)
 {
 char *file = g_argv[optind++];
+ void *public_keys = NULL;
 int err;
 if (!file) {
@@ -961,14 +963,22 @@ static int cmd_verify_evm(struct command *cmd)
 if (imaevm_params.x509) {
 if (imaevm_params.keyfile) /* Support multiple public keys */
- init_public_keys(imaevm_params.keyfile);
+ err = imaevm_init_public_keys(imaevm_params.keyfile,
+ &public_keys);
 else /* assume read pubkey from x509 cert */
- init_public_keys("/etc/keys/x509_evm.der");
+ err = imaevm_init_public_keys("/etc/keys/x509_evm.der",
+ &public_keys);
+ if (err < 0) {
+ log_info("Failed loading public keys");
+ return err;
+ }
 }
- err = verify_evm(file);
+ err = verify_evm(public_keys, file);
 if (!err && imaevm_params.verbose >= LOG_INFO)
 log_info("%s: verification is OK\n", file);
+
+ imaevm_free_public_keys(public_keys);
 return err;
 }
-- 
2.39.3
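Review bot: The new `void *public_keys` parameter of verify_evm() is undocumented: nothing on the signature says what the pointer is, who owns it, or what NULL means, and cmd_verify_evm (third hunk) passes NULL whenever `imaevm_params.x509` is unset. Because this list decides which keys a signature is checked against, I would add a comment above the definition such as `/* public_keys: list built by imaevm_init_public_keys(), owned by the caller; NULL if none was loaded */`. The comment should also state how imaevm_verify_hash() (second hunk) treats a NULL list, which this patch does not show. The body of verify_evm() continues outside the first hunk.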
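Review bot: The added failure branch in cmd_verify_evm returns before the new `imaevm_free_public_keys(public_keys)` call, so any entries imaevm_init_public_keys() added before failing would be leaked. Whether it can fail with a partly built list is not visible here, but the patch already calls the free function with a possibly NULL list on the normal path, so adding `imaevm_free_public_keys(public_keys);` before `return err;` should be safe. The message `log_info("Failed loading public keys");` also lacks the trailing `\n` that the success message in the same function has, and it is logged at info level although it aborts the verification; `log_err("Failed loading public keys\n");` would fit better. The lines of cmd_verify_evm between the second and third hunk are outside the patch context.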