diff options
author | Dmitry Kasatkin <dmitry.kasatkin@nokia.com> | 2011-05-06 11:34:14 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:48 -0400 |
commit | 6d38ca01c0c2d6c2e46ec1984db9ada6bad6ca26 (patch) | |
tree | 6084a84cd87d18c261d62dc816d48335ce602447 /crypto/aead.c | |
parent | 2960e6cb5f7c662b8edb6b0d2edc72095b4f5672 (diff) |
evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN
If EVM is not supported or enabled, evm_verify_hmac() returns
INTEGRITY_UNKNOWN, which ima_appraise_measurement() ignores and sets
the appraisal status based solely on the security.ima verification.
evm_verify_hmac() also returns INTEGRITY_UNKNOWN for other failures, such
as temporary failures like -ENOMEM, resulting in possible attack vectors.
This patch changes the default return code for temporary/unexpected
failures, like -ENOMEM, from INTEGRITY_UNKNOWN to INTEGRITY_FAIL, making
evm_verify_hmac() fail safe.
As a result, failures need to be re-evaluated in order to catch both
temporary errors, such as the -ENOMEM, as well as errors that have been
resolved in fix mode.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'crypto/aead.c')
0 files changed, 0 insertions, 0 deletions