[PATCH] ima: check return value of crypto_shash_final() in boot aggregate

[Roberto Sassu]

On Sat, 2026-01-31 at 18:40 -0800, Daniel Hodges wrote:
> The return value of crypto_shash_final() is not checked in
> ima_calc_boot_aggregate_tfm(). If the hash finalization fails, the
> function returns success and a corrupted boot aggregate digest could
> be used for IMA measurements.
> 
> Capture the return value and propagate any error to the caller.
> 
> Fixes: 76bb28f6126f ("ima: use new crypto_shash API instead of old crypto_hash")
> Signed-off-by: Daniel Hodges <hodgesd at meta.com>

Reviewed-by: Roberto Sassu <roberto.sassu at huawei.com>

Thanks

Roberto

> ---
>  security/integrity/ima/ima_crypto.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index 6f5696d999d0..8ae7821a65c2 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -825,21 +825,21 @@ static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id,
>  	 * non-SHA1 boot_aggregate digests to avoid ambiguity.
>  	 */
>  	if (alg_id != TPM_ALG_SHA1) {
>  		for (i = TPM_PCR8; i < TPM_PCR10; i++) {
>  			ima_pcrread(i, &d);
>  			rc = crypto_shash_update(shash, d.digest,
>  						crypto_shash_digestsize(tfm));
>  		}
>  	}
>  	if (!rc)
> -		crypto_shash_final(shash, digest);
> +		rc = crypto_shash_final(shash, digest);
>  	return rc;
>  }
>  
>  int ima_calc_boot_aggregate(struct ima_digest_data *hash)
>  {
>  	struct crypto_shash *tfm;
>  	u16 crypto_id, alg_id;
>  	int rc, i, bank_idx = -1;
>  
>  	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {