On Tue, 2018-04-17 at 15:56 -0700, Matthew Garrett wrote:
> @@ -1033,7 +1041,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> goto out;
> }
>
> - err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
> + md = EVP_get_digestbyname(params.hash_algo);
HMAC is still limited to sha1.
> + if (!md) {
> + log_err("EVP_get_digestbyname() failed\n");
> + goto out;
> + }
> +
> + err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
> if (err) {
> log_err("HMAC_Init() failed\n");
> goto out;
