Fix setting correct hash header

'ima_hash -a sha256' and 'sign -a sha256 --imahash' commands did set
incorrect xattr header for hash algos other than sha1.

Fix it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>

src/evmctl.c

@@ -651,22 +651,33 @@ static int sign_evm(const char *file, const char *key)
 
 static int hash_ima(const char *file)
 {
-	unsigned char hash[65]; /* MAX hash size + 1 */
-	int len, err;
+	unsigned char hash[66]; /* MAX hash size + 2 */
+	int len, err, offset;
+	int algo = get_hash_algo(params.hash_algo);
 
+	if (algo > PKEY_HASH_SHA1) {
+		hash[0] = IMA_XATTR_DIGEST_NG;
+		hash[1] = algo;
+		offset = 2;
+	} else {
 		hash[0] = IMA_XATTR_DIGEST;
-	len = ima_calc_hash(file, hash + 1);
+		offset = 1;
+	}
+
+	len = ima_calc_hash(file, hash + offset);
 	if (len <= 1)
 		return len;
 
+	len += offset;
+
 	if (params.verbose >= LOG_INFO)
 		log_info("hash: ");
 
 	if (sigdump || params.verbose >= LOG_INFO)
-		dump(hash, len + 1);
+		dump(hash, len);
 
 	if (xattr) {
-		err = lsetxattr(file, "security.ima", hash, len + 1, 0);
+		err = lsetxattr(file, "security.ima", hash, len, 0);
 		if (err < 0) {
 			log_err("setxattr failed: %s\n", file);
 			return err;