Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:

> [Cc'ing Thiago Bauermann]
>
> On Fri, 2018-04-20 at 13:34 -0700, Matthew Garrett wrote:
>> SHA1 is reasonable in HMAC constructs, but it's desirable to be able to
>> use stronger hashes in digital signatures. Modify the EVM crypto code so
>> the hash type is imported from the digital signature and passed down to
>> the hash calculation code, and return the digest size to higher layers
>> for validation.
>
> Currently the code passes just the digest field of the
> evm_ima_xattr_data structure to evm_calc_hmac() and evm_calc_hash().
> Instead of passing three fields - hash algorithm, digest size, and
> digest - pass a structure. Consider using the existing
> ima_digest_data structure.
>
> My only concern is that Thiago is working in this area of the code.
> Thiago, any comments?

Thanks for your concern. This is not a problem for me. It will be simple
to rebase on top of this patch when I post my patches.

--
Thiago Jung Bauermann
IBM Linux Technology Center