From 95adc6b410b7aa895dcf5ed9cb7dc4a20a3d5c5a Mon Sep 17 00:00:00 2001 From: Tomas Winkler Date: Fri, 19 Oct 2018 21:23:07 +0300 Subject: tpm: use u32 instead of int for PCR index The TPM specs defines PCR index as a positive number, and there is no reason to use a signed number. It is also a possible security issue as currently no functions check for a negative index, which may become a large number when converted to u32. Adjust the API to use u32 instead of int in all PCR related functions. Signed-off-by: Tomas Winkler Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- security/integrity/ima/ima_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'security/integrity/ima/ima_crypto.c') diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index d9e7728027c6..acf2c7df7145 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -643,7 +643,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, return calc_buffer_shash(buf, len, hash); } -static void __init ima_pcrread(int idx, u8 *pcr) +static void __init ima_pcrread(u32 idx, u8 *pcr) { if (!ima_tpm_chip) return; @@ -659,7 +659,8 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, struct crypto_shash *tfm) { u8 pcr_i[TPM_DIGEST_SIZE]; - int rc, i; + int rc; + u32 i; SHASH_DESC_ON_STACK(shash, tfm); shash->tfm = tfm; -- cgit v1.2.3