Use the enum constants instead of hard-coded numbers to improve code readability.
Signed-off-by: Tianjia Zhang <[email protected]>
---
src/libimaevm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index a9419ee..8f2ebcf 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -579,7 +579,7 @@ static int get_hash_algo_from_sig(unsigned char *sig)
{
uint8_t hashalgo;
- if (sig[0] == 1) {
+ if (sig[0] == DIGSIG_VERSION_1) {
hashalgo = ((struct signature_hdr *)sig)->hash;
if (hashalgo >= DIGEST_ALGO_MAX)
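Review bot: get_hash_algo_from_sig() receives only a pointer, so the cast to `struct signature_hdr` in the `DIGSIG_VERSION_1` branch reads a header field with no way to confirm the buffer is that long. The same applies to the cast to `struct signature_v2_hdr` in the `DIGSIG_VERSION_2` branch in the next hunk. The buffer presumably originates from a file xattr, so its length should be treated as untrusted; the callers are not visible here and may already check it. I would state that precondition above the function, e.g. `/* sig must hold a complete header for its version; callers validate siglen first */`, or pass the length in and return -1 when it is too short. The function body starts and ends outside this hunk.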
@@ -593,7 +593,7 @@ static int get_hash_algo_from_sig(unsigned char *sig)
default:
return -1;
}
- } else if (sig[0] == 2) {
+ } else if (sig[0] == DIGSIG_VERSION_2) {
hashalgo = ((struct signature_v2_hdr *)sig)->hash_algo;
if (hashalgo >= PKEY_HASH__LAST)
return -1;
@@ -625,7 +625,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
unsigned char hash[MAX_DIGEST_SIZE];
int hashlen, sig_hash_algo;
- if (sig[0] != 0x03) {
+ if (sig[0] != EVM_IMA_XATTR_DIGSIG) {
log_err("xattr ima has no signature\n");
return -1;
}
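Review bot: `sig[0]` is read in the first statement visible after the declarations, before anything in the hunk looks at `siglen`, so a zero-length buffer would be read out of bounds here unless every caller rules it out. Folding the length into the guard makes the function safe on its own: `if (siglen < 1 || sig[0] != EVM_IMA_XATTR_DIGSIG) {`. The rest of ima_verify_signature() lies outside the hunk, so later uses of `siglen` could not be checked.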
--
2.17.1
On Tue, 2020-07-07 at 11:35 +0800, Tianjia Zhang wrote:
> @@ -625,7 +625,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
> unsigned char hash[MAX_DIGEST_SIZE];
> int hashlen, sig_hash_algo;
>
> - if (sig[0] != 0x03) {
> + if (sig[0] != EVM_IMA_XATTR_DIGSIG) {
> log_err("xattr ima has no signature\n");
> return -1;
> }
This last hunk didn't apply properly. The error message now includes
the filename. I've fixed this patch. In the future, please post
patches against the next-testing branch.
thanks,
Mimi