On Wed, 2023-11-22 at 08:37 -0500, Stefan Berger wrote: > > On 11/19/23 11:50, Mimi Zohar wrote: > > Instead of relying on the "imaevm_params.algo" global variable, which > > is not concurrency-safe, define and use a local variable. > > > > Update static verify_hash_v2(), verify_hash_v3(), and verify_hash_common() > > function definitions to include a hash algorithm argument. > > > > Similarly update ima_verify_signature2() and ima_calc_hash2() to define > > and use a local hash algorithm variable. > > > > Signed-off-by: Mimi Zohar <[email protected]> > > --- > > src/libimaevm.c | 40 ++++++++++++++++++++++++---------------- > > 1 file changed, 24 insertions(+), 16 deletions(-) > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > index 4c9da7a2f06b..18b6a6f27237 100644 > > --- a/src/libimaevm.c > > +++ b/src/libimaevm.c > > @@ -488,6 +488,7 @@ void init_public_keys(const char *keyfiles) > > * (Note: signature_v2_hdr struct does not contain the 'type'.) > > */ > > static int verify_hash_common(void *public_keys, const char *file, > > + const char *hash_algo, > > const unsigned char *hash, > > int size, unsigned char *sig, int siglen) > > { > > @@ -499,7 +500,7 @@ static int verify_hash_common(void *public_keys, const > > char *file, > > const char *st; > > > > if (imaevm_params.verbose > LOG_INFO) { > > - log_info("hash(%s): ", imaevm_params.hash_algo); > > + log_info("hash(%s): ", hash_algo); > > log_dump(hash, size); > > } > > > > @@ -530,7 +531,7 @@ static int verify_hash_common(void *public_keys, const > > char *file, > > if (!EVP_PKEY_verify_init(ctx)) > > goto err; > > st = "EVP_get_digestbyname"; > > - if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo))) > > + if (!(md = EVP_get_digestbyname(hash_algo))) > > goto err; > > st = "EVP_PKEY_CTX_set_signature_md"; > > if (!EVP_PKEY_CTX_set_signature_md(ctx, md)) > > @@ -566,11 +567,12 @@ err: > > * Return: 0 verification good, 1 verification bad, -1 error. > > */ > > static int verify_hash_v2(void *public_keys, const char *file, > > + const char *hash_algo, > > const unsigned char *hash, > > int size, unsigned char *sig, int siglen) > > { > > /* note: signature_v2_hdr does not contain 'type', use sig + 1 */ > > - return verify_hash_common(public_keys, file, hash, size, > > + return verify_hash_common(public_keys, file, hash_algo, hash, size, > > sig + 1, siglen - 1); > > } > > > > @@ -581,19 +583,20 @@ static int verify_hash_v2(void *public_keys, const > > char *file, > > * Return: 0 verification good, 1 verification bad, -1 error. > > */ > > static int verify_hash_v3(void *public_keys, const char *file, > > + const char *hash_algo, > > const unsigned char *hash, > > int size, unsigned char *sig, int siglen) > > { > > unsigned char sigv3_hash[MAX_DIGEST_SIZE]; > > int ret; > > > > - ret = calc_hash_sigv3(sig[0], NULL, hash, sigv3_hash); > > + ret = calc_hash_sigv3(sig[0], hash_algo, hash, sigv3_hash); > > if (ret < 0) > > return ret; > > > > /* note: signature_v2_hdr does not contain 'type', use sig + 1 */ > > - return verify_hash_common(public_keys, file, sigv3_hash, size, > > - sig + 1, siglen - 1); > > + return verify_hash_common(public_keys, file, hash_algo, sigv3_hash, > > + size, sig + 1, siglen - 1); > > } > > > > #define HASH_MAX_DIGESTSIZE 64 /* kernel HASH_MAX_DIGESTSIZE is 64 > > bytes */ > > @@ -636,8 +639,10 @@ int calc_hash_sigv3(enum evm_ima_xattr_type type, > > const char *algo, > > return -EINVAL; > > } > > > > - if (!algo) > > - algo = imaevm_params.hash_algo; > > + if (!algo) { > > + log_err("Hash algorithm unspecified\n"); > > + return -EINVAL; > > + } > > > > if ((hash_algo = imaevm_get_hash_algo(algo)) < 0) { > > log_err("Hash algorithm %s not supported\n", algo); > > @@ -757,10 +762,10 @@ int verify_hash2(void *public_keys, const char *file, > > const char *hash_algo, > > return -1; > > #endif > > } else if (sig[1] == DIGSIG_VERSION_2) { > > - return verify_hash_v2(public_keys, file, hash, size, > > + return verify_hash_v2(public_keys, file, hash_algo, hash, size, > > sig, siglen); > > } else if (sig[1] == DIGSIG_VERSION_3) { > > - return verify_hash_v3(public_keys, file, hash, size, > > + return verify_hash_v3(public_keys, file, hash_algo, hash, size, > > sig, siglen); > > } else > > return -1; > > @@ -774,7 +779,8 @@ int verify_hash2(void *public_keys, const char *file, > > const char *hash_algo, > > int verify_hash(const char *file, const unsigned char *hash, int size, > > unsigned char *sig, int siglen) > > { > > - return verify_hash2(g_public_keys, file, NULL, hash, size, sig, siglen); > > + return verify_hash2(g_public_keys, file, imaevm_params.hash_algo, > > + hash, size, sig, siglen); > > Now you are passing valid parameters into verify_hash2(). Would it not > be possible to drop 4/12?
Just as we can't modify the library verify_hash() definition, I don't think we should be modifying the verify_hash2() defintion either. 04/12 defines and exports the final verify_hash2() definition. -- thanks, Mimi
