On Fri, 2022-07-01 at 23:41 +0100, Jonathan McDowell wrote:
> On Fri, Jul 01, 2022 at 04:13:25PM -0400, Mimi Zohar wrote:
> > Although the violation digest in the IMA measurement list is always
> > zeroes, the size of the digest should be based on the hash algorithm.
> > Until recently the hash algorithm was hard coded to sha1. Fix the
> > violation digest size included in the IMA measurement list.
> >
> > This is just a cosmetic which should not affect attestation.
> >
> > Reported-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> > Fixes: 09091c44cb73 ("ima: use IMA default hash algorithm for integrity violations")
> > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> > ---
> > security/integrity/ima/ima_template_lib.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> > index c877f01a5471..67359845c975 100644
> > --- a/security/integrity/ima/ima_template_lib.c
> > +++ b/security/integrity/ima/ima_template_lib.c
> > @@ -326,7 +326,7 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
> > * Make room for the digest by increasing the offset of
> > * IMA_DIGEST_SIZE.
> > */
> > - offset += IMA_DIGEST_SIZE;
> > + offset += hash_digest_size[hash_algo];
>
> Update the comment as well?
Yes, of course. Thank you for catching it!
Mimi
>
> > return ima_write_template_field_data(buffer, offset + digestsize,
> > fmt, field_data);
> > --
> > 2.27.0
> >
>
> J.
>
