On 1/4/24 14:05, Mimi Zohar wrote:
Instead of relying on a global static "public_keys" variable, which is
not concurrency-safe, update static library function definitions to
include it as a parameter, define new library functions with it as
a parameter, and deprecate existing functions.

Define imaevm_init_public_keys(), imaevm_verify_hash(), and
ima_verify_signature2() functions. Update static function definitions
to include "public_keys".

To avoid library incompatibility, make the existing functions -
init_public_keys(), verify_hash(), ima_verify_signature() - wrappers
for the new function versions.

Deprecate init_public_keys(), verify_hash(), ima_verify_signature()
functions.

Allow suppressing just the libimaevm deprecation warnings by enabling
IMAEVM_SUPPRESS_DEPRECATED.

e.g. configure CFLAGS="-DIMAEVM_SUPPRESS_DEPRECATED"

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
src/imaevm.h | 21 +++++++++++--
src/libimaevm.c | 82 ++++++++++++++++++++++++++++++++++++-------------
2 files changed, 78 insertions(+), 25 deletions(-)
@@ -710,8 +729,9 @@ int imaevm_hash_algo_from_sig(unsigned char *sig)
return -1;
}
-int verify_hash(const char *file, const unsigned char *hash, int size,
- unsigned char *sig, int siglen)
+int imaevm_verify_hash(void *public_keys, const char *file,
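Review bot: the first parameter of the new imaevm_verify_hash() is declared as "void *public_keys", so the compiler accepts any pointer here and a caller that passes the wrong object gets no diagnostic before the key list is used for signature verification. Since the commit message makes this caller-supplied key list the replacement for the shared global, declare the parameter with the concrete key-list type, and state in src/imaevm.h whether a NULL "public_keys" is accepted, so the deprecated verify_hash() wrapper and new callers follow the same contract.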
Replace void with struct public_key_entry.
With this nit fixed:
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>