projects / platform / upstream / ima-evm-utils.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ff5f07e)
Remove user_sig_type flag
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Fri, 24 Jan 2014 12:54:59 +0000 (14:54 +0200)
committerDmitry Kasatkin <d.kasatkin@samsung.com>
Fri, 24 Jan 2014 12:54:59 +0000 (14:54 +0200)
Always use signature type from signature header - like kernel does.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
src/evmctl.c patch | blob | history
src/libevm.c patch | blob | history
src/libevm.h patch | blob | history

diff --git a/src/evmctl.c b/src/evmctl.c
index 6682012..a36853b 100644 (file)
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1613,7 +1613,6 @@ int main(int argc, char *argv[])
                        params.x509 = 1;
                        sign_hash = sign_hash_v2;
                        params.verify_hash = verify_hash_v2;
-                       params.user_sig_type = 1;
                        break;
                case 'k':
                        params.keyfile = optarg;
diff --git a/src/libevm.c b/src/libevm.c
index 267f7c6..0c41736 100644 (file)
--- a/src/libevm.c
+++ b/src/libevm.c
@@ -460,18 +460,17 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
 {
        char *key;
 
-       /* Get signature type from sig header if user did not enforce it */
-       if (!params.user_sig_type) {
-               if (sig[0] == DIGSIG_VERSION_1) {
-                       params.verify_hash = verify_hash_v1;
-                       /* Read pubkey from RSA key */
-                       params.x509 = 0;
-               } else if (sig[0] == DIGSIG_VERSION_2) {
-                       params.verify_hash = verify_hash_v2;
-                       /* Read pubkey from x509 cert */
-                       params.x509 = 1;
-               }
-       }
+       /* Get signature type from sig header */
+       if (sig[0] == DIGSIG_VERSION_1) {
+               params.verify_hash = verify_hash_v1;
+               /* Read pubkey from RSA key */
+               params.x509 = 0;
+       } else if (sig[0] == DIGSIG_VERSION_2) {
+               params.verify_hash = verify_hash_v2;
+               /* Read pubkey from x509 cert */
+               params.x509 = 1;
+       } else
+               return -1;
 
        /* Determine what key to use for verification*/
        key = params.keyfile ? : params.x509 ?
diff --git a/src/libevm.h b/src/libevm.h
index 91b4d76..2eee090 100644 (file)
--- a/src/libevm.h
+++ b/src/libevm.h
@@ -129,7 +129,6 @@ struct libevm_params {
        int verbose;
        const char *hash_algo;
        int user_hash_algo;
-       int user_sig_type;
        int x509;
        char *keyfile;
        verify_hash_fn_t verify_hash;
Domain: Security / Uncategorized;