diff options
author | Mimi Zohar <zohar@linux.ibm.com> | 2022-04-14 22:46:39 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-05-01 22:38:10 +0200 |
commit | 644664627d21648735adfa733956f94064d3417d (patch) | |
tree | b2a92325bb33c3cbde6e19d78f53b2504e2b9ad1 /security | |
parent | ima: remove the IMA_TEMPLATE Kconfig option (diff) | |
download | linux-644664627d21648735adfa733956f94064d3417d.tar.xz linux-644664627d21648735adfa733956f94064d3417d.zip |
ima: fix 'd-ng' comments and documentation
Initially the 'd-ng' template field did not prefix the digest with either
"md5" or "sha1" hash algorithms. Prior to being upstreamed this changed,
but the comments and documentation were not updated. Fix the comments
and documentation.
Fixes: 4d7aeee73f53 ("ima: define new template ima-ng and template fields d-ng and n-ng")
Reported-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_template_lib.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 7155d17a3b75..e9d65f6fe2ae 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -271,9 +271,11 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize, /* * digest formats: * - DATA_FMT_DIGEST: digest - * - DATA_FMT_DIGEST_WITH_ALGO: [<hash algo>] + ':' + '\0' + digest, - * where <hash algo> is provided if the hash algorithm is not - * SHA1 or MD5 + * - DATA_FMT_DIGEST_WITH_ALGO: <hash algo> + ':' + '\0' + digest, + * + * where 'DATA_FMT_DIGEST' is the original digest format ('d') + * with a hash size limitation of 20 bytes, + * where <hash algo> is the hash_algo_name[] string. */ u8 buffer[CRYPTO_MAX_ALG_NAME + 2 + IMA_MAX_DIGEST_SIZE] = { 0 }; enum data_formats fmt = DATA_FMT_DIGEST; |