On Fri, Jul 01, 2022 at 04:13:25PM -0400, Mimi Zohar wrote:
> Although the violation digest in the IMA measurement list is always
> zeroes, the size of the digest should be based on the hash algorithm.
> Until recently the hash algorithm was hard coded to sha1. Fix the
> violation digest size included in the IMA measurement list.
>
> This is just a cosmetic which should not affect attestation.
>
> Reported-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> Fixes: 09091c44cb73 ("ima: use IMA default hash algorithm for integrity violations")
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> ---
> security/integrity/ima/ima_template_lib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> index c877f01a5471..67359845c975 100644
> --- a/security/integrity/ima/ima_template_lib.c
> +++ b/security/integrity/ima/ima_template_lib.c
> @@ -326,7 +326,7 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
> * Make room for the digest by increasing the offset of
> * IMA_DIGEST_SIZE.
> */
> - offset += IMA_DIGEST_SIZE;
> + offset += hash_digest_size[hash_algo];
Update the comment as well?
> return ima_write_template_field_data(buffer, offset + digestsize,
> fmt, field_data);
> --
> 2.27.0
>
J.
--
This isn't an office. It's Hell with fluorescent lighting.
