From: Patrick Uiterwijk <patrick@puiterwijk.org>
To: linux-integrity@vger.kernel.org, zohar@linux.ibm.com
Cc: pbrobinson@redhat.com, patrick@puiterwijk.org
Subject: [PATCH ima-evm-utils v2 1/2] Fix sign_hash not observing the hashalgo argument
Date: Mon,  5 Jul 2021 17:49:49 +0200
Message-ID: <20210705154950.497359-2-patrick@puiterwijk.org>
In-Reply-To: <20210705154950.497359-1-patrick@puiterwijk.org>

This fixes sign_hash not using the correct algorithm for creating the
signature, by ensuring it uses the passed in variable value.

Fixes: 07e623b60848 ("ima-evm-utils: Convert sign_hash_v2 to EVP_PKEY API").
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 src/libimaevm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 06f1063..2856270 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -913,7 +913,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
 		return -1;
 	}
 
-	log_info("hash(%s): ", imaevm_params.hash_algo);
+	log_info("hash(%s): ", algo);
 	log_dump(hash, size);
 
 	pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
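Review bot: the read_priv_pkey(keyfile, imaevm_params.keypass) call in the trailing context still takes the key password from the global imaevm_params, while the hash algorithm in this function now comes from the algo argument. A caller using sign_hash as a library API therefore controls the algorithm through a parameter but the password only through global state; if that split is intended, a short comment on the function or a sentence in the commit message would make it clear which inputs are per-call and which are process-wide.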
@@ -939,7 +939,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
 	if (!EVP_PKEY_sign_init(ctx))
 		goto err;
 	st = "EVP_get_digestbyname";
-	if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
+	if (!(md = EVP_get_digestbyname(algo)))
 		goto err;
 	st = "EVP_PKEY_CTX_set_signature_md";
 	if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
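Review bot: at the EVP_get_digestbyname(algo) call, a failed lookup only leaves st = "EVP_get_digestbyname" before goto err, so from the visible lines the algorithm name that could not be resolved is not reported. Since algo is now supplied by the caller rather than read from imaevm_params.hash_algo, consider including algo in the message for this failure path. It is also worth confirming that no other reference to imaevm_params.hash_algo remains in sign_hash_v2 outside these two hunks, so the digest used for signing and any algorithm the function records elsewhere cannot disagree.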
-- 
2.31.1

