summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorTomas Winkler2018-10-19 20:23:07 +0200
committerJarkko Sakkinen2018-11-13 12:46:31 +0100
commit95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a (patch)
tree0062d5eafaa2653c41a74382f6f77cb8f4f54334 /security/integrity
parenttpm1: reimplement tpm1_continue_selftest() using tpm_buf (diff)
downloadkernel-qcow2-linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.tar.gz
kernel-qcow2-linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.tar.xz
kernel-qcow2-linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.zip
tpm: use u32 instead of int for PCR index
The TPM specs defines PCR index as a positive number, and there is no reason to use a signed number. It is also a possible security issue as currently no functions check for a negative index, which may become a large number when converted to u32. Adjust the API to use u32 instead of int in all PCR related functions. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_crypto.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d9e7728027c6..acf2c7df7145 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -643,7 +643,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len,
return calc_buffer_shash(buf, len, hash);
}
-static void __init ima_pcrread(int idx, u8 *pcr)
+static void __init ima_pcrread(u32 idx, u8 *pcr)
{
if (!ima_tpm_chip)
return;
@@ -659,7 +659,8 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
struct crypto_shash *tfm)
{
u8 pcr_i[TPM_DIGEST_SIZE];
- int rc, i;
+ int rc;
+ u32 i;
SHASH_DESC_ON_STACK(shash, tfm);
shash->tfm = tfm;