diff options
author | Tomas Winkler <tomas.winkler@intel.com> | 2018-10-19 21:23:07 +0300 |
---|---|---|
committer | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2018-11-13 13:46:31 +0200 |
commit | 95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a (patch) | |
tree | 0062d5eafaa2653c41a74382f6f77cb8f4f54334 /security | |
parent | c82e59541a226504a3fe45eb4efca70836548da6 (diff) | |
download | linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.tar.gz linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.tar.bz2 linux-95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a.zip |
tpm: use u32 instead of int for PCR index
The TPM specs defines PCR index as a positive number, and there is
no reason to use a signed number. It is also a possible security
issue as currently no functions check for a negative index,
which may become a large number when converted to u32.
Adjust the API to use u32 instead of int in all PCR related
functions.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_crypto.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index d9e7728027c6..acf2c7df7145 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -643,7 +643,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, return calc_buffer_shash(buf, len, hash); } -static void __init ima_pcrread(int idx, u8 *pcr) +static void __init ima_pcrread(u32 idx, u8 *pcr) { if (!ima_tpm_chip) return; @@ -659,7 +659,8 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, struct crypto_shash *tfm) { u8 pcr_i[TPM_DIGEST_SIZE]; - int rc, i; + int rc; + u32 i; SHASH_DESC_ON_STACK(shash, tfm); shash->tfm = tfm; |