aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-12-05 06:17:41 -0500
committerJames Morris <jmorris@namei.org>2011-12-07 18:06:09 -0500
commit88d7ed35085184f15a2af3d9e88d775059b2f307 (patch)
treef02d2530e0f665fea4c5b240404f7767d39f47bf
parentfe0e94c5a7e5335ba0d200e7d3e26e9f80cda4b1 (diff)
evm: key must be set once during initialization
On multi-core systems, setting of the key before every caclculation, causes invalid HMAC calculation for other tfm users, because internal state (ipad, opad) can be invalid before set key call returns. It needs to be set only once during initialization. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/integrity/evm/evm_crypto.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 847a2d7dff17..3b9f5a080e4f 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -52,6 +52,14 @@ static struct shash_desc *init_desc(const char type)
52 *tfm = NULL; 52 *tfm = NULL;
53 return ERR_PTR(rc); 53 return ERR_PTR(rc);
54 } 54 }
55 if (type == EVM_XATTR_HMAC) {
56 rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
57 if (rc) {
58 crypto_free_shash(*tfm);
59 *tfm = NULL;
60 return ERR_PTR(rc);
61 }
62 }
55 } 63 }
56 64
57 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), 65 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
@@ -62,14 +70,7 @@ static struct shash_desc *init_desc(const char type)
62 desc->tfm = *tfm; 70 desc->tfm = *tfm;
63 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 71 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
64 72
65 if (type == EVM_XATTR_HMAC) {
66 rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
67 if (rc)
68 goto out;
69 }
70
71 rc = crypto_shash_init(desc); 73 rc = crypto_shash_init(desc);
72out:
73 if (rc) { 74 if (rc) {
74 kfree(desc); 75 kfree(desc);
75 return ERR_PTR(rc); 76 return ERR_PTR(rc);