diff for duplicates of <1496114943.3841.480.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index ed70759..370c900 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -49,10 +49,10 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + int found = 0, not_found = 0; > + int i, j; > + -> + if (count <= 0 || digests = NULL) +> + if (count <= 0 || digests == NULL) > + return -EINVAL; > + -> + sha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1); +> + sha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1); > + > + if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) > + return sha1_only ? 1 : -EINVAL; @@ -63,24 +63,24 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + for (i = 0; i < ARRAY_SIZE(chip->active_banks) && > + chip->active_banks[i] != TPM2_ALG_ERROR; i++) { > + for (j = 0; j < count; j++) { -> + if (digests[j].alg_id = chip->active_banks[i]) { +> + if (digests[j].alg_id == chip->active_banks[i]) { > + found++; > + break; > + } > + } > + -> + if (j = count) { +> + if (j == count) { > + dev_dbg(&chip->dev, "%s: missing algorithm 0x%X\n", > + __func__, chip->active_banks[i]); > + not_found++; > + } > + } > + -> + if (not_found = 0 && found != count) +> + if (not_found == 0 && found != count) > + dev_dbg(&chip->dev, > + "%s: duplicate or unsupported algorithm\n", __func__); > + -> + return (not_found = 0 && found = count) ? 1 : -EINVAL; +> + return (not_found == 0 && found == count) ? 1 : -EINVAL; > +} > + > +/** @@ -105,7 +105,7 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > int i; > > chip = tpm_chip_find_get(chip_num); -> if (chip = NULL) +> if (chip == NULL) > return -ENODEV; > > - if (chip->flags & TPM_CHIP_FLAG_TPM2) { @@ -117,10 +117,10 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: This rejects the TPM extend, if ANY of the algorithms are unknown. Suppose that the standards were updated, TPM vendors add support for the new algorithm, but the kernel has not been updated to reflect the -new algorithms supported. As the measurement hash already been added +new algorithms supported. ?As the measurement hash already been added to the IMA measurement list, verifying the measurement list against a TPM quote will fail, not just for the unknown algorithm, but for all -algorithms. Something is very broken with this approach. +algorithms. ?Something is very broken with this approach. Mimi @@ -212,6 +212,6 @@ Mimi > static inline int tpm_pcr_algorithms(u32 chip_num, int count, -- -To unsubscribe from this list: send the line "unsubscribe keyrings" in -the body of a message to majordomo@vger.kernel.org +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 038978e..2c17076 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,8 +1,8 @@ "ref\020170505142152.29795-1-roberto.sassu@huawei.com\0" "ref\020170505142152.29795-4-roberto.sassu@huawei.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()\0" - "Date\0Tue, 30 May 2017 03:29:03 +0000\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()\0" + "Date\0Mon, 29 May 2017 23:29:03 -0400\0" "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" @@ -57,10 +57,10 @@ "> +\tint found = 0, not_found = 0;\n" "> +\tint i, j;\n" "> +\n" - "> +\tif (count <= 0 || digests = NULL)\n" + "> +\tif (count <= 0 || digests == NULL)\n" "> +\t\treturn -EINVAL;\n" "> +\n" - "> +\tsha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1);\n" + "> +\tsha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1);\n" "> +\n" "> +\tif (!(chip->flags & TPM_CHIP_FLAG_TPM2))\n" "> +\t\treturn sha1_only ? 1 : -EINVAL;\n" @@ -71,24 +71,24 @@ "> +\tfor (i = 0; i < ARRAY_SIZE(chip->active_banks) &&\n" "> +\t chip->active_banks[i] != TPM2_ALG_ERROR; i++) {\n" "> +\t\tfor (j = 0; j < count; j++) {\n" - "> +\t\t\tif (digests[j].alg_id = chip->active_banks[i]) {\n" + "> +\t\t\tif (digests[j].alg_id == chip->active_banks[i]) {\n" "> +\t\t\t\tfound++;\n" "> +\t\t\t\tbreak;\n" "> +\t\t\t}\n" "> +\t\t}\n" "> +\n" - "> +\t\tif (j = count) {\n" + "> +\t\tif (j == count) {\n" "> +\t\t\tdev_dbg(&chip->dev, \"%s: missing algorithm 0x%X\\n\",\n" "> +\t\t\t\t__func__, chip->active_banks[i]);\n" "> +\t\t\tnot_found++;\n" "> +\t\t}\n" "> +\t}\n" "> +\n" - "> +\tif (not_found = 0 && found != count)\n" + "> +\tif (not_found == 0 && found != count)\n" "> +\t\tdev_dbg(&chip->dev,\n" "> +\t\t\t\"%s: duplicate or unsupported algorithm\\n\", __func__);\n" "> +\n" - "> +\treturn (not_found = 0 && found = count) ? 1 : -EINVAL;\n" + "> +\treturn (not_found == 0 && found == count) ? 1 : -EINVAL;\n" "> +}\n" "> +\n" "> +/**\n" @@ -113,7 +113,7 @@ "> \tint i;\n" "> \n" "> \tchip = tpm_chip_find_get(chip_num);\n" - "> \tif (chip = NULL)\n" + "> \tif (chip == NULL)\n" "> \t\treturn -ENODEV;\n" "> \n" "> -\tif (chip->flags & TPM_CHIP_FLAG_TPM2) {\n" @@ -125,10 +125,10 @@ "This rejects the TPM extend, if ANY of the algorithms are unknown.\n" "Suppose that the standards were updated, TPM vendors add support for\n" "the new algorithm, but the kernel has not been updated to reflect the\n" - "new algorithms supported. \302\240As the measurement hash already been added\n" + "new algorithms supported. ?As the measurement hash already been added\n" "to the IMA measurement list, verifying the measurement list against a\n" "TPM quote will fail, not just for the unknown algorithm, but for all\n" - "algorithms. \302\240Something is very broken with this approach.\n" + "algorithms. ?Something is very broken with this approach.\n" "\n" "Mimi\n" "\n" @@ -220,8 +220,8 @@ "> static inline int tpm_pcr_algorithms(u32 chip_num, int count,\n" "\n" "--\n" - "To unsubscribe from this list: send the line \"unsubscribe keyrings\" in\n" - "the body of a message to majordomo@vger.kernel.org\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" More majordomo info at http://vger.kernel.org/majordomo-info.html -9688b895634593fab6f0087cbd9b85ae23ba4120a3e5fd0f4bf6bd5152d85c26 +1717f2dbb1e80d8a59d621c80d860f4d20bf4dd7f1f3848260ba74b3e3785659
diff --git a/a/1.txt b/N2/1.txt index ed70759..d5399bf 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -49,10 +49,10 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + int found = 0, not_found = 0; > + int i, j; > + -> + if (count <= 0 || digests = NULL) +> + if (count <= 0 || digests == NULL) > + return -EINVAL; > + -> + sha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1); +> + sha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1); > + > + if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) > + return sha1_only ? 1 : -EINVAL; @@ -63,24 +63,24 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + for (i = 0; i < ARRAY_SIZE(chip->active_banks) && > + chip->active_banks[i] != TPM2_ALG_ERROR; i++) { > + for (j = 0; j < count; j++) { -> + if (digests[j].alg_id = chip->active_banks[i]) { +> + if (digests[j].alg_id == chip->active_banks[i]) { > + found++; > + break; > + } > + } > + -> + if (j = count) { +> + if (j == count) { > + dev_dbg(&chip->dev, "%s: missing algorithm 0x%X\n", > + __func__, chip->active_banks[i]); > + not_found++; > + } > + } > + -> + if (not_found = 0 && found != count) +> + if (not_found == 0 && found != count) > + dev_dbg(&chip->dev, > + "%s: duplicate or unsupported algorithm\n", __func__); > + -> + return (not_found = 0 && found = count) ? 1 : -EINVAL; +> + return (not_found == 0 && found == count) ? 1 : -EINVAL; > +} > + > +/** @@ -105,7 +105,7 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > int i; > > chip = tpm_chip_find_get(chip_num); -> if (chip = NULL) +> if (chip == NULL) > return -ENODEV; > > - if (chip->flags & TPM_CHIP_FLAG_TPM2) { @@ -211,7 +211,11 @@ Mimi > } > static inline int tpm_pcr_algorithms(u32 chip_num, int count, --- -To unsubscribe from this list: send the line "unsubscribe keyrings" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html + +------------------------------------------------------------------------------ +Check out the vibrant tech community on one of the world's most +engaging tech sites, Slashdot.org! http://sdm.link/slashdot +_______________________________________________ +tpmdd-devel mailing list +tpmdd-devel@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/tpmdd-devel diff --git a/a/content_digest b/N2/content_digest index 038978e..71ead2a 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,9 +1,15 @@ "ref\020170505142152.29795-1-roberto.sassu@huawei.com\0" "ref\020170505142152.29795-4-roberto.sassu@huawei.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "ref\020170505142152.29795-4-roberto.sassu-hv44wF8Li93QT0dZR+AlfA@public.gmane.org\0" + "From\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" "Subject\0Re: [Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()\0" - "Date\0Tue, 30 May 2017 03:29:03 +0000\0" - "To\0linux-security-module@vger.kernel.org\0" + "Date\0Mon, 29 May 2017 23:29:03 -0400\0" + "To\0Roberto Sassu <roberto.sassu-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>" + " tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org\0" + "Cc\0linux-ima-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org" + linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org + keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org + " linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\0" "\00:1\0" "b\0" "On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:\n" @@ -57,10 +63,10 @@ "> +\tint found = 0, not_found = 0;\n" "> +\tint i, j;\n" "> +\n" - "> +\tif (count <= 0 || digests = NULL)\n" + "> +\tif (count <= 0 || digests == NULL)\n" "> +\t\treturn -EINVAL;\n" "> +\n" - "> +\tsha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1);\n" + "> +\tsha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1);\n" "> +\n" "> +\tif (!(chip->flags & TPM_CHIP_FLAG_TPM2))\n" "> +\t\treturn sha1_only ? 1 : -EINVAL;\n" @@ -71,24 +77,24 @@ "> +\tfor (i = 0; i < ARRAY_SIZE(chip->active_banks) &&\n" "> +\t chip->active_banks[i] != TPM2_ALG_ERROR; i++) {\n" "> +\t\tfor (j = 0; j < count; j++) {\n" - "> +\t\t\tif (digests[j].alg_id = chip->active_banks[i]) {\n" + "> +\t\t\tif (digests[j].alg_id == chip->active_banks[i]) {\n" "> +\t\t\t\tfound++;\n" "> +\t\t\t\tbreak;\n" "> +\t\t\t}\n" "> +\t\t}\n" "> +\n" - "> +\t\tif (j = count) {\n" + "> +\t\tif (j == count) {\n" "> +\t\t\tdev_dbg(&chip->dev, \"%s: missing algorithm 0x%X\\n\",\n" "> +\t\t\t\t__func__, chip->active_banks[i]);\n" "> +\t\t\tnot_found++;\n" "> +\t\t}\n" "> +\t}\n" "> +\n" - "> +\tif (not_found = 0 && found != count)\n" + "> +\tif (not_found == 0 && found != count)\n" "> +\t\tdev_dbg(&chip->dev,\n" "> +\t\t\t\"%s: duplicate or unsupported algorithm\\n\", __func__);\n" "> +\n" - "> +\treturn (not_found = 0 && found = count) ? 1 : -EINVAL;\n" + "> +\treturn (not_found == 0 && found == count) ? 1 : -EINVAL;\n" "> +}\n" "> +\n" "> +/**\n" @@ -113,7 +119,7 @@ "> \tint i;\n" "> \n" "> \tchip = tpm_chip_find_get(chip_num);\n" - "> \tif (chip = NULL)\n" + "> \tif (chip == NULL)\n" "> \t\treturn -ENODEV;\n" "> \n" "> -\tif (chip->flags & TPM_CHIP_FLAG_TPM2) {\n" @@ -219,9 +225,13 @@ "> }\n" "> static inline int tpm_pcr_algorithms(u32 chip_num, int count,\n" "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe keyrings\" in\n" - "the body of a message to majordomo@vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + "\n" + "------------------------------------------------------------------------------\n" + "Check out the vibrant tech community on one of the world's most\n" + "engaging tech sites, Slashdot.org! http://sdm.link/slashdot\n" + "_______________________________________________\n" + "tpmdd-devel mailing list\n" + "tpmdd-devel@lists.sourceforge.net\n" + https://lists.sourceforge.net/lists/listinfo/tpmdd-devel -9688b895634593fab6f0087cbd9b85ae23ba4120a3e5fd0f4bf6bd5152d85c26 +1f1a6166010c77c8824a6f8e3021b61d587d2a2b5c84c8417673c92db9a6c55c
diff --git a/a/1.txt b/N3/1.txt index ed70759..dd9c7e7 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -49,10 +49,10 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + int found = 0, not_found = 0; > + int i, j; > + -> + if (count <= 0 || digests = NULL) +> + if (count <= 0 || digests == NULL) > + return -EINVAL; > + -> + sha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1); +> + sha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1); > + > + if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) > + return sha1_only ? 1 : -EINVAL; @@ -63,24 +63,24 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > + for (i = 0; i < ARRAY_SIZE(chip->active_banks) && > + chip->active_banks[i] != TPM2_ALG_ERROR; i++) { > + for (j = 0; j < count; j++) { -> + if (digests[j].alg_id = chip->active_banks[i]) { +> + if (digests[j].alg_id == chip->active_banks[i]) { > + found++; > + break; > + } > + } > + -> + if (j = count) { +> + if (j == count) { > + dev_dbg(&chip->dev, "%s: missing algorithm 0x%X\n", > + __func__, chip->active_banks[i]); > + not_found++; > + } > + } > + -> + if (not_found = 0 && found != count) +> + if (not_found == 0 && found != count) > + dev_dbg(&chip->dev, > + "%s: duplicate or unsupported algorithm\n", __func__); > + -> + return (not_found = 0 && found = count) ? 1 : -EINVAL; +> + return (not_found == 0 && found == count) ? 1 : -EINVAL; > +} > + > +/** @@ -105,7 +105,7 @@ On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > int i; > > chip = tpm_chip_find_get(chip_num); -> if (chip = NULL) +> if (chip == NULL) > return -ENODEV; > > - if (chip->flags & TPM_CHIP_FLAG_TPM2) { @@ -210,8 +210,3 @@ Mimi > return -ENODEV; > } > static inline int tpm_pcr_algorithms(u32 chip_num, int count, - --- -To unsubscribe from this list: send the line "unsubscribe keyrings" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N3/content_digest index 038978e..2e9139f 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -2,8 +2,13 @@ "ref\020170505142152.29795-4-roberto.sassu@huawei.com\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()\0" - "Date\0Tue, 30 May 2017 03:29:03 +0000\0" - "To\0linux-security-module@vger.kernel.org\0" + "Date\0Mon, 29 May 2017 23:29:03 -0400\0" + "To\0Roberto Sassu <roberto.sassu@huawei.com>" + " tpmdd-devel@lists.sourceforge.net\0" + "Cc\0linux-ima-devel@lists.sourceforge.net" + linux-security-module@vger.kernel.org + keyrings@vger.kernel.org + " linux-kernel@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:\n" @@ -57,10 +62,10 @@ "> +\tint found = 0, not_found = 0;\n" "> +\tint i, j;\n" "> +\n" - "> +\tif (count <= 0 || digests = NULL)\n" + "> +\tif (count <= 0 || digests == NULL)\n" "> +\t\treturn -EINVAL;\n" "> +\n" - "> +\tsha1_only = (count = 1 && digests[0].alg_id = TPM2_ALG_SHA1);\n" + "> +\tsha1_only = (count == 1 && digests[0].alg_id == TPM2_ALG_SHA1);\n" "> +\n" "> +\tif (!(chip->flags & TPM_CHIP_FLAG_TPM2))\n" "> +\t\treturn sha1_only ? 1 : -EINVAL;\n" @@ -71,24 +76,24 @@ "> +\tfor (i = 0; i < ARRAY_SIZE(chip->active_banks) &&\n" "> +\t chip->active_banks[i] != TPM2_ALG_ERROR; i++) {\n" "> +\t\tfor (j = 0; j < count; j++) {\n" - "> +\t\t\tif (digests[j].alg_id = chip->active_banks[i]) {\n" + "> +\t\t\tif (digests[j].alg_id == chip->active_banks[i]) {\n" "> +\t\t\t\tfound++;\n" "> +\t\t\t\tbreak;\n" "> +\t\t\t}\n" "> +\t\t}\n" "> +\n" - "> +\t\tif (j = count) {\n" + "> +\t\tif (j == count) {\n" "> +\t\t\tdev_dbg(&chip->dev, \"%s: missing algorithm 0x%X\\n\",\n" "> +\t\t\t\t__func__, chip->active_banks[i]);\n" "> +\t\t\tnot_found++;\n" "> +\t\t}\n" "> +\t}\n" "> +\n" - "> +\tif (not_found = 0 && found != count)\n" + "> +\tif (not_found == 0 && found != count)\n" "> +\t\tdev_dbg(&chip->dev,\n" "> +\t\t\t\"%s: duplicate or unsupported algorithm\\n\", __func__);\n" "> +\n" - "> +\treturn (not_found = 0 && found = count) ? 1 : -EINVAL;\n" + "> +\treturn (not_found == 0 && found == count) ? 1 : -EINVAL;\n" "> +}\n" "> +\n" "> +/**\n" @@ -113,7 +118,7 @@ "> \tint i;\n" "> \n" "> \tchip = tpm_chip_find_get(chip_num);\n" - "> \tif (chip = NULL)\n" + "> \tif (chip == NULL)\n" "> \t\treturn -ENODEV;\n" "> \n" "> -\tif (chip->flags & TPM_CHIP_FLAG_TPM2) {\n" @@ -217,11 +222,6 @@ "> +\t\t\t\t struct tpm2_digest *digests) {\n" "> \treturn -ENODEV;\n" "> }\n" - "> static inline int tpm_pcr_algorithms(u32 chip_num, int count,\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe keyrings\" in\n" - "the body of a message to majordomo@vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + > static inline int tpm_pcr_algorithms(u32 chip_num, int count, -9688b895634593fab6f0087cbd9b85ae23ba4120a3e5fd0f4bf6bd5152d85c26 +f93a53a74c656f8263846caf2cb2948fb900be5058f6f139f045a602f2fa51ca
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.