diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 01:54:12 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 01:54:12 -0400 |
| commit | f91e654474d413201ae578820fb63f8a811f6c4e (patch) | |
| tree | 7f32d5757381b3371dbf095510622472c7d3aa43 /include/linux | |
| parent | c715ebeb0303b196f17376f189ae4e168d98b563 (diff) | |
| parent | 3dd0f18c70d94ca2432c78c5735744429f071b0b (diff) | |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"This adds support for EVM signatures based on larger digests, contains
a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the
IMA policy rules from the IMA-audit messages, addresses two deadlocks
due to either loading or searching for crypto algorithms, and cleans
up the audit messages"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
EVM: fix return value check in evm_write_xattrs()
integrity: prevent deadlock during digsig verification.
evm: Allow non-SHA1 digital signatures
evm: Don't deadlock if a crypto algorithm is unavailable
integrity: silence warning when CONFIG_SECURITYFS is not enabled
ima: Differentiate auditing policy rules from "audit" actions
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Use audit_log_format() rather than audit_log_string()
ima: Call audit_log_string() rather than logging it untrusted
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/crypto.h | 5 | ||||
| -rw-r--r-- | include/linux/integrity.h | 13 |
2 files changed, 18 insertions, 0 deletions
diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 6eb06101089f..e8839d3a7559 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h | |||
| @@ -113,6 +113,11 @@ | |||
| 113 | #define CRYPTO_ALG_OPTIONAL_KEY 0x00004000 | 113 | #define CRYPTO_ALG_OPTIONAL_KEY 0x00004000 |
| 114 | 114 | ||
| 115 | /* | 115 | /* |
| 116 | * Don't trigger module loading | ||
| 117 | */ | ||
| 118 | #define CRYPTO_NOLOAD 0x00008000 | ||
| 119 | |||
| 120 | /* | ||
| 116 | * Transform masks and values (for crt_flags). | 121 | * Transform masks and values (for crt_flags). |
| 117 | */ | 122 | */ |
| 118 | #define CRYPTO_TFM_NEED_KEY 0x00000001 | 123 | #define CRYPTO_TFM_NEED_KEY 0x00000001 |
diff --git a/include/linux/integrity.h b/include/linux/integrity.h index 858d3f4a2241..54c853ec2fd1 100644 --- a/include/linux/integrity.h +++ b/include/linux/integrity.h | |||
| @@ -44,4 +44,17 @@ static inline void integrity_load_keys(void) | |||
| 44 | } | 44 | } |
| 45 | #endif /* CONFIG_INTEGRITY */ | 45 | #endif /* CONFIG_INTEGRITY */ |
| 46 | 46 | ||
| 47 | #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS | ||
| 48 | |||
| 49 | extern int integrity_kernel_module_request(char *kmod_name); | ||
| 50 | |||
| 51 | #else | ||
| 52 | |||
| 53 | static inline int integrity_kernel_module_request(char *kmod_name) | ||
| 54 | { | ||
| 55 | return 0; | ||
| 56 | } | ||
| 57 | |||
| 58 | #endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */ | ||
| 59 | |||
| 47 | #endif /* _LINUX_INTEGRITY_H */ | 60 | #endif /* _LINUX_INTEGRITY_H */ |