Make SHA-256 the default hash algorithm

One of the requests from the Crypto team in RHEL-9 was to drop the support for SHA1 as a strong algorithm. For ima-evm-utils it's not quite possible, since it's somewhat dependent on the underlying hardware (TPM version). However, SHA1 was still being used as the default hash algorithm, with that, make SHA256 the default instead. Also, this patch substitutes the patch to solve the memory leak added in the last release to the one accepted in upstream. Related: rhbz#1934949 Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
2021-08-20 11:02:19 -03:00 · 2021-08-20 11:02:19 -03:00 · 360f5af681
commit 360f5af681
parent 3123d8e5ae
3 changed files with 11 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 /ima-evm-utils-*.tar.gz
 /0001-evmctl-fix-memory-leak-with-password-variable.patch
+/0001-evmctl-fix-memory-leak-in-get_password.patch
+/0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch
--- a/ima-evm-utils.spec
+++ b/ima-evm-utils.spec
@ -1,11 +1,12 @@
 Name:    ima-evm-utils
 Version: 1.3.2
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: IMA/EVM support utilities
 License: GPLv2
 Url:     http://linux-ima.sourceforge.net/
 Source:  http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
-Patch0:  0001-evmctl-fix-memory-leak-with-password-variable.patch
+Patch0:  0001-evmctl-fix-memory-leak-in-get_password.patch
+Patch1:  0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch

 BuildRequires: asciidoc
 BuildRequires: autoconf
@ -62,6 +63,10 @@ find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
 %{_libdir}/libimaevm.so

 %changelog
+* Fri Aug 20 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-9
+- Use upstream accepted patch for the memory leak
+- Make SHA-256 the default hash algorithm (rhbz#1934949)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/3
+++ b/3
@ -1,2 +1,3 @@
-SHA512 (0001-evmctl-fix-memory-leak-with-password-variable.patch) = 138e4a1152ae493ebb1566a9a2fbde69f67aea1a16c99c32e3ea258c35af4897d5023f622372c87315e129e2748d86c570252ef07a2667c3018118d217d04ae2
 SHA512 (ima-evm-utils-1.3.2.tar.gz) = af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db
+SHA512 (0001-evmctl-fix-memory-leak-in-get_password.patch) = 2c3189571a19b5a1f3334934bcd318403ca766464e2e8c60387da54c0854a27646d5bc156ae9b22c795aa57f833e183697f3208c6c792e4de5e3a6fd4d8fe102
+SHA512 (0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch) = 271a9bdf8b6841afc03cae9ae5caf262c048cffdc9d3ab2388035eb3c67e4115dd9178aa211b0d0a4796b9d3bd9e08bc851db663d99dec3b7eb0897114f6c7ac