Fix hash array size in verify_ima()

Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

diff --git a/src/evmctl.c b/src/evmctl.c
index d0f75ac..eda468b 100644 (file)
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command *cmd)
 
 static int verify_ima(const char *file, const char *key)
 {
-       unsigned char hash[20];
+       unsigned char hash[64];
        unsigned char sig[1024];
-       int len;
+       int len, hashlen;
 
-       len = calc_hash(file, hash);
-       if (len <= 1)
-               return len;
+       hashlen = calc_hash(file, hash);
+       if (hashlen <= 1)
+               return hashlen;
 
        if (xattr) {
                len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1242,7 +1242,7 @@ static int verify_ima(const char *file, const char *key)
                return -1;
        }
 
-       return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
+       return verify_hash(hash, hashlen, sig + 1, len - 1, key);
 }
 
 static int cmd_verify_ima(struct command *cmd)