diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
| commit | 0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch) | |
| tree | 405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/apparmor/crypto.c | |
| parent | 89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff) | |
| parent | 8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlmit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
Diffstat (limited to 'security/apparmor/crypto.c')
| -rw-r--r-- | security/apparmor/crypto.c | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c index de8dc78b6144..136f2a047836 100644 --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c | |||
| @@ -31,10 +31,7 @@ unsigned int aa_hash_size(void) | |||
| 31 | 31 | ||
| 32 | char *aa_calc_hash(void *data, size_t len) | 32 | char *aa_calc_hash(void *data, size_t len) |
| 33 | { | 33 | { |
| 34 | struct { | 34 | SHASH_DESC_ON_STACK(desc, apparmor_tfm); |
| 35 | struct shash_desc shash; | ||
| 36 | char ctx[crypto_shash_descsize(apparmor_tfm)]; | ||
| 37 | } desc; | ||
| 38 | char *hash = NULL; | 35 | char *hash = NULL; |
| 39 | int error = -ENOMEM; | 36 | int error = -ENOMEM; |
| 40 | 37 | ||
| @@ -45,16 +42,16 @@ char *aa_calc_hash(void *data, size_t len) | |||
| 45 | if (!hash) | 42 | if (!hash) |
| 46 | goto fail; | 43 | goto fail; |
| 47 | 44 | ||
| 48 | desc.shash.tfm = apparmor_tfm; | 45 | desc->tfm = apparmor_tfm; |
| 49 | desc.shash.flags = 0; | 46 | desc->flags = 0; |
| 50 | 47 | ||
| 51 | error = crypto_shash_init(&desc.shash); | 48 | error = crypto_shash_init(desc); |
| 52 | if (error) | 49 | if (error) |
| 53 | goto fail; | 50 | goto fail; |
| 54 | error = crypto_shash_update(&desc.shash, (u8 *) data, len); | 51 | error = crypto_shash_update(desc, (u8 *) data, len); |
| 55 | if (error) | 52 | if (error) |
| 56 | goto fail; | 53 | goto fail; |
| 57 | error = crypto_shash_final(&desc.shash, hash); | 54 | error = crypto_shash_final(desc, hash); |
| 58 | if (error) | 55 | if (error) |
| 59 | goto fail; | 56 | goto fail; |
| 60 | 57 | ||
| @@ -69,10 +66,7 @@ fail: | |||
| 69 | int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, | 66 | int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, |
| 70 | size_t len) | 67 | size_t len) |
| 71 | { | 68 | { |
| 72 | struct { | 69 | SHASH_DESC_ON_STACK(desc, apparmor_tfm); |
| 73 | struct shash_desc shash; | ||
| 74 | char ctx[crypto_shash_descsize(apparmor_tfm)]; | ||
| 75 | } desc; | ||
| 76 | int error = -ENOMEM; | 70 | int error = -ENOMEM; |
| 77 | __le32 le32_version = cpu_to_le32(version); | 71 | __le32 le32_version = cpu_to_le32(version); |
| 78 | 72 | ||
| @@ -86,19 +80,19 @@ int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, | |||
| 86 | if (!profile->hash) | 80 | if (!profile->hash) |
| 87 | goto fail; | 81 | goto fail; |
| 88 | 82 | ||
| 89 | desc.shash.tfm = apparmor_tfm; | 83 | desc->tfm = apparmor_tfm; |
| 90 | desc.shash.flags = 0; | 84 | desc->flags = 0; |
| 91 | 85 | ||
| 92 | error = crypto_shash_init(&desc.shash); | 86 | error = crypto_shash_init(desc); |
| 93 | if (error) | 87 | if (error) |
| 94 | goto fail; | 88 | goto fail; |
| 95 | error = crypto_shash_update(&desc.shash, (u8 *) &le32_version, 4); | 89 | error = crypto_shash_update(desc, (u8 *) &le32_version, 4); |
| 96 | if (error) | 90 | if (error) |
| 97 | goto fail; | 91 | goto fail; |
| 98 | error = crypto_shash_update(&desc.shash, (u8 *) start, len); | 92 | error = crypto_shash_update(desc, (u8 *) start, len); |
| 99 | if (error) | 93 | if (error) |
| 100 | goto fail; | 94 | goto fail; |
| 101 | error = crypto_shash_final(&desc.shash, profile->hash); | 95 | error = crypto_shash_final(desc, profile->hash); |
| 102 | if (error) | 96 | if (error) |
| 103 | goto fail; | 97 | goto fail; |
| 104 | 98 | ||