From: Bruno Meneguele <bmeneg@redhat.com>
To: zohar@linux.ibm.com, Simon.THOBY@viveris.fr, kgold@linux.ibm.com
Cc: linux-integrity@vger.kernel.org, Bruno Meneguele <bmeneg@redhat.com>
Subject: [PATCH v4 ima-evm-utils 2/2] make SHA-256 the default hash algorithm
Date: Fri, 20 Aug 2021 20:00:01 -0300
Message-ID: <20210820230001.102249-3-bmeneg@redhat.com>
In-Reply-To: <20210820230001.102249-1-bmeneg@redhat.com>

The SHA-1 algorithm is considered a weak hash algorithm and there has been
some movement within certain distros to drop its support completely or at
least drop it from the default behavior. ima-evm-utils uses it as the
default algorithm in case the user doesn't explicitly ask for another
through the --with-default-hash configuration time option or --hashalgo/-a
runtime option. With that, make SHA-256 the default hash algorithm instead.

Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
---
 m4/default-hash-algo.m4 | 2 +-
 src/imaevm.h            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/m4/default-hash-algo.m4 b/m4/default-hash-algo.m4
index a0b98e645fb1..f23bbf7ab3f8 100644
--- a/m4/default-hash-algo.m4
+++ b/m4/default-hash-algo.m4
@@ -7,7 +7,7 @@ AC_DEFUN([AX_DEFAULT_HASH_ALGO], [
 	AC_ARG_WITH([default_hash],
 		AS_HELP_STRING([--with-default-hash=ALGORITHM], [specifies the default hash algorithm to be used]),
 		[HASH_ALGO=$withval],
-		[HASH_ALGO=sha1])
+		[HASH_ALGO=sha256])
 
 	AC_CHECK_FILE([$CRYPTO_FILE],
 		[HAVE_CRYPTO_FILE=yes],
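
Review bot: The AS_HELP_STRING for --with-default-hash still reads "specifies the default hash algorithm to be used" and does not say what is used when the option is omitted, so ./configure --help gives no hint that the fallback in the changed [HASH_ALGO=...] line is now sha256 rather than sha1. Consider appending "(default: sha256)" to the help text in the same change.
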
diff --git a/src/imaevm.h b/src/imaevm.h
index cc3dfd2e9163..ba7b23907669 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -75,7 +75,7 @@
 #define log_errno(fmt, args...)		do_log(LOG_ERR, fmt ": errno: %s (%d)\n", ##args, strerror(errno), errno)
 
 #ifndef DEFAULT_HASH_ALGO
-#define DEFAULT_HASH_ALGO "sha1"
+#define DEFAULT_HASH_ALGO "sha256"
 #endif
 
 #define	DATA_SIZE	4096
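
Review bot: The "sha256" literal in the #ifndef DEFAULT_HASH_ALGO fallback duplicates the default set in m4/default-hash-algo.m4, so the two have to be changed together whenever the default moves; a short comment above the #define saying it mirrors the configure default would help. The diffstat shows only these two files touched, so any README or man page text that names sha1 as the default would need a matching update, and since callers that omit --hashalgo/-a will now get SHA-256 output, the commit message could state that behaviour change explicitly.
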
-- 
2.31.1


Thread overview: 5+ messages
2021-08-20 22:59 [PATCH v4 ima-evm-utils 0/2] make default hash algorithm dynamic Bruno Meneguele
2021-08-20 23:00 ` [PATCH v4 ima-evm-utils 1/2] set default hash algorithm in configuration time Bruno Meneguele
2021-08-25 21:43   ` Mimi Zohar
2021-08-26 13:35     ` Bruno Meneguele
2021-08-20 23:00 ` Bruno Meneguele [this message]
