1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
From: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Sat, 26 Mar 2016 22:58:07 +0100
Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead
of open coding it
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
---
src/evmctl.c | 10 +++++-----
src/libimaevm.c | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index de53be37b69b..b0f3b6362528 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
static int sign_evm(const char *file, const char *key)
{
- unsigned char hash[20];
+ unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char sig[1024];
int len, err;
@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
static int hash_ima(const char *file)
{
- unsigned char hash[66]; /* MAX hash size + 2 */
+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */
int len, err, offset;
int algo = get_hash_algo(params.hash_algo);
@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
static int sign_ima(const char *file, const char *key)
{
- unsigned char hash[64];
+ unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char sig[1024];
int len, err;
@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
static int verify_evm(const char *file)
{
- unsigned char hash[20];
+ unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char sig[1024];
int len;
@@ -1119,7 +1119,7 @@ out:
static int hmac_evm(const char *file, const char *key)
{
- unsigned char hash[20];
+ unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char sig[1024];
int len, err;
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 6fa0ed4a1c74..8fc23be08bd7 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
unsigned char *digest, int digestlen)
{
- unsigned char hash[64];
+ unsigned char hash[EVP_MAX_MD_SIZE];
int hashlen, sig_hash_algo;
if (sig[0] != 0x03) {
|