mbox series

[ima-evm-utils,v2,0/2] Fix use of sign_hash via API

Message ID 20210705154950.497359-1-patrick@puiterwijk.org (mailing list archive)
Headers show
Series Fix use of sign_hash via API | expand

Message

Patrick Uiterwijk July 5, 2021, 3:49 p.m. UTC
When using sign_hash, the resulting signature is incorrect if any hash
algorithm other than sha1 is used.
This is because while the sign_hash function has a hashalgo argument,
the sign_hash_v2 function does not actually use this argument for
anything except setting the hash_algo value in the header.
This patch makes sure it uses the algo variable consistently.

Changes since v1:
  - Using sys/xattr.h
  - Removed copyright line for sign_ima

Patrick Uiterwijk (2):
  Fix sign_hash not observing the hashalgo argument
  Add test for using sign_hash API

 src/evmctl.c                | 23 ----------------
 src/libimaevm.c             |  4 +--
 src/utils.c                 | 20 ++++++++++++++
 src/utils.h                 |  1 +
 tests/.gitignore            |  2 ++
 tests/Makefile.am           |  5 ++++
 tests/sign_verify.apitest.c | 55 +++++++++++++++++++++++++++++++++++++
 tests/sign_verify.test      | 30 ++++++++++++++++----
 8 files changed, 109 insertions(+), 31 deletions(-)
 create mode 100644 tests/sign_verify.apitest.c