Message-ID: <CAGrbwDRgQShh==Vb_8QWoByKV-HXAwV_CGyAoAzjRrHU9c2KbQ@mail.gmail.com>
Date: Tue, 27 Jan 2026 09:55:06 +0000
From: Dmitry Safonov <dima@...sta.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: Mimi Zohar <zohar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...wei.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg <eric.snowberg@...cle.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, Silvia Sisinni <silvia.sisinni@...ito.it>,
Enrico Bravi <enrico.bravi@...ito.it>, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
Dmitry Safonov <0x7f454c46@...il.com>
Subject: Re: [PATCH] ima_fs: Avoid creating measurement lists for unsupported
hash algos
On Tue, Jan 27, 2026 at 9:15 AM Roberto Sassu
<roberto.sassu@...weicloud.com> wrote:
>
> On Tue, 2026-01-27 at 03:05 +0000, Dmitry Safonov via B4 Relay wrote:
> > From: Dmitry Safonov <dima@...sta.com>
> >
> > ima_init_crypto() skips initializing ima_algo_array[i] if the alogorithm
>
> Algorithm.
Thanks.
[..]
> > --- a/security/integrity/ima/ima_fs.c
> > +++ b/security/integrity/ima/ima_fs.c
> > @@ -404,6 +404,9 @@ static int __init create_securityfs_measurement_lists(void)
> > char file_name[NAME_MAX + 1];
> > struct dentry *dentry;
> >
> > + if (algo == HASH_ALGO__LAST)
> > + continue;
> > +
> > sprintf(file_name, "ascii_runtime_measurements_%s",
> > hash_algo_name[algo]);
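Review bot: the added check at the top of the loop body compares `algo == HASH_ALGO__LAST` only, yet `algo` is used right below it as the index in `hash_algo_name[algo]`; a range check such as `if (algo >= HASH_ALGO__LAST) continue;` would cover any out-of-range value and not just the sentinel. A short comment above the check saying that this value stands for an unsupported hash algorithm, and that no measurement list file is created for it, would make the silent skip easier to follow.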
>
> Thanks, but I think we can also print the unsupported digests, since
> they are there. Since we don't have the algorithm name, we can make
> ours like tpm_<algo hex>.
I'm not quite sure what you mean. `algo` here is HASH_ALGO__LAST as
you see by the check added. As it's initialized by
ima_tpm_chip->allocated_banks[i].crypto_id, I presume it's
HASH_ALGO__LAST there as well (didn't check this assumption though).
Do you mean to print the hex value of HASH_ALGO__LAST?
> Once this is fixed, you can try to make SHA3_256 supported. Add the
> TPM_ALG_SHA3_256 definition in tpm.h and the mapping in tpm2-cmd.c
> (array tpm2_hash_map).
Yeah, I thought of doing this, asked the related folks and they said
it might be worth it if it's a simple/trivial patch. Will try if time
permits, somewhat busy with bug fixes at this moment. This one is just
a fix for a read out-of-bounds for -stable (and I managed to forget to
Cc them! hehe).
Going to send v2 with the typo fix and -stable Cc'ed if that sounds good to you.
>
> Thanks
>
> Roberto
[..]
Thanks,
Dmitry