Message ID | 20231119165043.46960-9-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Series | Address non concurrency-safe libimaevm global variables | expand |
On 11/19/23 11:50, Mimi Zohar wrote: > Instead of relying on the "imaevm_params.algo" global variable, which > is not concurrency-safe, define a new library ima_calc_hash2() function > with the hash algorithm as a parameter. > > To avoid library incompatablity, make the existing ima_calc_hash() -> incompatibility > function a wrapper for ima_calc_hash2(). > > Deprecate ima_calc_hash(). Same comment about possible __attribute__((deprecated)). > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > src/imaevm.h | 1 + > src/libimaevm.c | 12 ++++++++---- > 2 files changed, 9 insertions(+), 4 deletions(-) > > diff --git a/src/imaevm.h b/src/imaevm.h > index 1ed2c81d510d..81acd8df41cb 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > @@ -237,6 +237,7 @@ extern struct libimaevm_params imaevm_params; > void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr); > void imaevm_hexdump(const void *ptr, int len); > int ima_calc_hash(const char *file, uint8_t *hash); > +int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash); > int imaevm_get_hash_algo(const char *algo); > RSA *read_pub_key(const char *keyfile, int x509); > EVP_PKEY *read_pub_pkey(const char *keyfile, int x509); > diff --git a/src/libimaevm.c b/src/libimaevm.c > index e64d167a2a8a..4c9da7a2f06b 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -181,7 +181,7 @@ out: > return err; > } > > -int ima_calc_hash(const char *file, uint8_t *hash) > +int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash) > { > const EVP_MD *md; > struct stat st; > @@ -202,10 +202,9 @@ int ima_calc_hash(const char *file, uint8_t *hash) > goto err; > } > > - md = EVP_get_digestbyname(imaevm_params.hash_algo); > + md = EVP_get_digestbyname(hash_algo); > if (!md) { > - log_err("EVP_get_digestbyname(%s) failed\n", > - imaevm_params.hash_algo); > + log_err("EVP_get_digestbyname(%s) failed\n", hash_algo); > err = 1; > goto err; > } 
> @@ -246,6 +245,11 @@ err: > return err; > } > > +int ima_calc_hash(const char *file, uint8_t *hash) > +{ > + return ima_calc_hash2(file, imaevm_params.hash_algo, hash); > +} > + > EVP_PKEY *read_pub_pkey(const char *keyfile, int x509) > { > FILE *fp; Rest looks good to me. Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
diff --git a/src/imaevm.h b/src/imaevm.h
index 1ed2c81d510d..81acd8df41cb 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -237,6 +237,7 @@ extern struct libimaevm_params imaevm_params;
 void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr);
 void imaevm_hexdump(const void *ptr, int len);
 int ima_calc_hash(const char *file, uint8_t *hash);
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash);
 int imaevm_get_hash_algo(const char *algo);
 RSA *read_pub_key(const char *keyfile, int x509);
 EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
diff --git a/src/libimaevm.c b/src/libimaevm.c
index e64d167a2a8a..4c9da7a2f06b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -181,7 +181,7 @@ out:
 return err;
 }
 
-int ima_calc_hash(const char *file, uint8_t *hash)
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash)
 {
 const EVP_MD *md;
 struct stat st;
@@ -202,10 +202,9 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 goto err;
 }
 
- md = EVP_get_digestbyname(imaevm_params.hash_algo);
+ md = EVP_get_digestbyname(hash_algo);
 if (!md) {
- log_err("EVP_get_digestbyname(%s) failed\n",
- imaevm_params.hash_algo);
+ log_err("EVP_get_digestbyname(%s) failed\n", hash_algo);
 err = 1;
 goto err;
 }
@@ -246,6 +245,11 @@ err:
 return err;
 }
 
+int ima_calc_hash(const char *file, uint8_t *hash)
+{
+ return ima_calc_hash2(file, imaevm_params.hash_algo, hash);
+}
+
 EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
 {
 FILE *fp;
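Review bot: The `ima_calc_hash2()` declaration added in src/imaevm.h takes `uint8_t *hash` without a length, and nothing on the declaration states how large the buffer must be. The caller now picks the algorithm per call, so the space the function needs depends on `hash_algo`. A caller that sizes the buffer for one digest and later passes a longer algorithm would have the function write past the end. I would add a comment above the prototype, for example `/* hash must have room for the largest digest the library can produce (EVP_MAX_MD_SIZE bytes is always enough) */`. The comment should also state the return convention, which is not visible in these hunks.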
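Review bot: In the `@@ -202,10 +202,9 @@` hunk of src/libimaevm.c, a NULL `hash_algo` from the caller would reach the `%s` conversion in `log_err()` on the failure path, which is undefined behaviour. Whether the old global could ever be NULL is not visible here, but a public parameter can be. I would change the lookup to `md = hash_algo ? EVP_get_digestbyname(hash_algo) : NULL;` and log `hash_algo ? hash_algo : "(null)"` instead of the raw pointer. The body of ima_calc_hash2() begins and ends outside this hunk, so an earlier check may already exist.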
Instead of relying on the "imaevm_params.algo" global variable, which is not concurrency-safe, define a new library ima_calc_hash2() function with the hash algorithm as a parameter. To avoid library incompatibility, make the existing ima_calc_hash() function a wrapper for ima_calc_hash2(). Deprecate ima_calc_hash(). Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- src/imaevm.h | 1 + src/libimaevm.c | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-)