Instead of relying on the "imaevm_params.algo" global variable, which
is not concurrency-safe, define a new library ima_calc_hash2() function
with the hash algorithm as a parameter.
To avoid library incompatablity, make the existing ima_calc_hash()
function a wrapper for ima_calc_hash2().
Deprecate ima_calc_hash().
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
src/imaevm.h | 1 +
src/libimaevm.c | 12 ++++++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/imaevm.h b/src/imaevm.h
index 1ed2c81d510d..81acd8df41cb 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -237,6 +237,7 @@ extern struct libimaevm_params imaevm_params;
void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr);
void imaevm_hexdump(const void *ptr, int len);
int ima_calc_hash(const char *file, uint8_t *hash);
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash);
int imaevm_get_hash_algo(const char *algo);
RSA *read_pub_key(const char *keyfile, int x509);
EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
diff --git a/src/libimaevm.c b/src/libimaevm.c
index e64d167a2a8a..4c9da7a2f06b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -181,7 +181,7 @@ out:
return err;
}
-int ima_calc_hash(const char *file, uint8_t *hash)
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash)
{
const EVP_MD *md;
struct stat st;
@@ -202,10 +202,9 @@ int ima_calc_hash(const char *file, uint8_t *hash)
goto err;
}
- md = EVP_get_digestbyname(imaevm_params.hash_algo);
+ md = EVP_get_digestbyname(hash_algo);
if (!md) {
- log_err("EVP_get_digestbyname(%s) failed\n",
- imaevm_params.hash_algo);
+ log_err("EVP_get_digestbyname(%s) failed\n", hash_algo);
err = 1;
goto err;
}
@@ -246,6 +245,11 @@ err:
return err;
}
+int ima_calc_hash(const char *file, uint8_t *hash)
+{
+ return ima_calc_hash2(file, imaevm_params.hash_algo, hash);
+}
+
EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
{
FILE *fp;
--
2.39.3
