On 8/13/20 10:42 AM, Stephen Smalley wrote:
Can we make the algorithm selectable via kernel parameter and/or writing to a new selinuxfs node?diff --git a/security/selinux/measure.c b/security/selinux/measure.c new file mode 100644 index 000000000000..f21b7de4e2ae --- /dev/null +++ b/security/selinux/measure.c @@ -0,0 +1,204 @@ +static int selinux_hash_buffer(void *buf, size_t buf_len, + void **buf_hash, int *buf_hash_len) +{ + struct crypto_shash *tfm; + struct shash_desc *desc = NULL; + void *digest = NULL; + int desc_size; + int digest_size; + int ret = 0; + + tfm = crypto_alloc_shash("sha256", 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm);
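Review bot: In selinux_hash_buffer(), the algorithm name is a string literal inside the call, crypto_alloc_shash("sha256", 0, 0), so making it selectable later means editing the hashing routine itself. Pass the name in as a parameter or take it from one named constant, so that a kernel parameter or selinuxfs node only has to change that one value. A smaller style point in the same declarations: digest_size and *buf_hash_len are int while buf_len is size_t; a digest length is never negative, so unsigned int would fit better.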
I can add a kernel parameter to select this hash algorithm.

-lakshmi

