Re: [ima-evm-utils PATCH 08/12] Define library ima_calc_hash2() function with a hash algorithm parameter

Stefan Berger <stefanb@xxxxxxxxxxxxx> · Wed, 22 Nov 2023 08:26:39 -0500

On 11/19/23 11:50, Mimi Zohar wrote:
Instead of relying on the "imaevm_params.algo" global variable, which
is not concurrency-safe, define a new library ima_calc_hash2() function
with the hash algorithm as a parameter.

To avoid library incompatablity, make the existing ima_calc_hash()

-> incompatibility

function a wrapper for ima_calc_hash2().

Deprecate ima_calc_hash().

Same comment about possible __attribute__((deprecated)).


Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
  src/imaevm.h    |  1 +
  src/libimaevm.c | 12 ++++++++----
  2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/imaevm.h b/src/imaevm.h
index 1ed2c81d510d..81acd8df41cb 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -237,6 +237,7 @@ extern struct libimaevm_params imaevm_params;
  void imaevm_do_hexdump(FILE *fp, const void *ptr, int len, bool cr);
  void imaevm_hexdump(const void *ptr, int len);
  int ima_calc_hash(const char *file, uint8_t *hash);
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash);
  int imaevm_get_hash_algo(const char *algo);
  RSA *read_pub_key(const char *keyfile, int x509);
  EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
diff --git a/src/libimaevm.c b/src/libimaevm.c
index e64d167a2a8a..4c9da7a2f06b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -181,7 +181,7 @@ out:
  	return err;
  }
  
-int ima_calc_hash(const char *file, uint8_t *hash)
+int ima_calc_hash2(const char *file, const char *hash_algo, uint8_t *hash)
  {
  	const EVP_MD *md;
  	struct stat st;
@@ -202,10 +202,9 @@ int ima_calc_hash(const char *file, uint8_t *hash)
  		goto err;
  	}
  
-	md = EVP_get_digestbyname(imaevm_params.hash_algo);
+	md = EVP_get_digestbyname(hash_algo);
  	if (!md) {
-		log_err("EVP_get_digestbyname(%s) failed\n",
-			imaevm_params.hash_algo);
+		log_err("EVP_get_digestbyname(%s) failed\n", hash_algo);
  		err = 1;
  		goto err;
  	}
@@ -246,6 +245,11 @@ err:
  	return err;
  }
  
+int ima_calc_hash(const char *file, uint8_t *hash)
+{
+	return ima_calc_hash2(file, imaevm_params.hash_algo, hash);
+}
+
  EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
  {
  	FILE *fp;

Rest looks good to me.

Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>







