On Mon, 2019-07-29 at 09:18 +0300, Vitaly Chikunov wrote: > Previously for EVM verify you should specify `--hashalgo' option while > for IMA ima_verify you didn't. > > Allow EVM verify to determine hash algo from signature. Vitaly, EVM signatures were originally included with an image, but on first use were replaced with an EVM hmac. Only once the EVM portable and immutable signature support was upstreamed, which is relatively recently, there was a need to support other hash algorithms. Thank you for taking the time to really clean up ima-evm-utils. It's needed some attention for a while now. > Also, this makes two previously static functions to become exportable > and renamed: > > get_hash_algo_from_sig -> imaevm_hash_algo_from_sig > get_hash_algo_by_id -> imaevm_hash_algo_by_id > > This is needed because EVM hash is calculated (in calc_evm_hash) outside > of library. > > imaevm_hash_algo_by_id() will now return NULL if algo is not found. > > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx> Thanks! Mimi
