| -rw-r--r-- | security/integrity/ima/ima.h | 3 | ||||
| -rw-r--r-- | security/integrity/ima/ima_api.c | 1 | ||||
| -rw-r--r-- | security/integrity/ima/ima_crypto.c | 17 |
3 files changed, 15 insertions, 6 deletions
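--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -97,7 +97,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 const char *op, struct inode *inode,
 const unsigned char *filename);
 int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
-int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
+int ima_calc_field_array_hash(struct ima_field_data *field_data,
+struct ima_template_desc *desc, int num_fields,
 struct ima_digest_data *hash);
 int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
 void ima_add_violation(struct file *file, const unsigned char *filename,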
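--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -94,6 +94,7 @@ int ima_store_template(struct ima_template_entry *entry,
 /* this function uses default algo */
 hash.hdr.algo = HASH_ALGO_SHA1;
 result = ima_calc_field_array_hash(&entry->template_data[0],
+entry->template_desc,
 num_fields, &hash.hdr);
 if (result < 0) {
 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,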
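--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -140,6 +140,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
 * Calculate the hash of template data
 */
 static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
+struct ima_template_desc *td,
 int num_fields,
 struct ima_digest_data *hash,
 struct crypto_shash *tfm)
@@ -160,9 +161,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 return rc;
 
 for (i = 0; i < num_fields; i++) {
-rc = crypto_shash_update(&desc.shash,
-(const u8 *) &field_data[i].len,
-sizeof(field_data[i].len));
+if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
+rc = crypto_shash_update(&desc.shash,
+(const u8 *) &field_data[i].len,
+sizeof(field_data[i].len));
+if (rc)
+break;
+}
 rc = crypto_shash_update(&desc.shash, field_data[i].data,
 field_data[i].len);
 if (rc)
@@ -175,7 +180,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 return rc;
 }
 
-int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
+int ima_calc_field_array_hash(struct ima_field_data *field_data,
+struct ima_template_desc *desc, int num_fields,
 struct ima_digest_data *hash)
 {
 struct crypto_shash *tfm;
@@ -185,7 +191,8 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
 if (IS_ERR(tfm))
 return PTR_ERR(tfm);
 
-rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
+rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
+hash, tfm);
 
 ima_free_tfm(tfm);
 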
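Review bot: The new `strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0` branch in the field loop of ima_calc_field_array_hash_tfm() leaves the length prefix out of the digest input without a comment saying why, and without the lengths the hashed byte stream no longer encodes where one field ends and the next begins. That is only unambiguous if the "ima" template's fields are fixed-width, which is not visible in this hunk, so the assumption should be written down above the branch, e.g. `/* "ima" template: field lengths are not hashed (presumably to keep the existing digest format); relies on fixed-size fields */`. The comparison is also loop-invariant and dereferences `td` without a check, so it could be evaluated once before the loop as `bool hash_len = strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0;`, with the function comment stating that callers must pass a non-NULL descriptor. The function body starts and ends outside the hunks shown.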
