[PATCH v3 2/4] integrity: Check that algo parameter is within valid range

Thu Apr 16 15:40:37 UTC 2026

Check that the algo parameter passed to calc_file_id_hash is within valid
range. Do this in asymmetric_verify_v3 since this value will also be passed
to a hashless signature verification function from here.

Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
 security/integrity/digsig_asymmetric.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index a791ad43b3fb..ed171a627d18 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -139,7 +139,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 /*
  * calc_file_id_hash - calculate the hash of the ima_file_id struct data
  * @type: xattr type [enum evm_ima_xattr_type]
- * @algo: hash algorithm [enum hash_algo]
+ * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value
  * @digest: pointer to the digest to be hashed
  * @hash: (out) pointer to the hash
  *
@@ -187,6 +187,9 @@ int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen,
 	struct ima_max_digest_data hash;
 	int rc;
 
+	if (algo >= HASH_ALGO__LAST)
+		return -ENOPKG;
+
 	rc = calc_file_id_hash(hdr->type, algo, data, &hash);
 	if (rc)
 		return -EINVAL;
-- 
2.53.0


