diff options
| -rw-r--r-- | security/integrity/ima/ima_crypto.c | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 872c6698067c..e5d3ebf18436 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c | |||
| @@ -39,6 +39,28 @@ int ima_init_crypto(void) | |||
| 39 | return 0; | 39 | return 0; |
| 40 | } | 40 | } |
| 41 | 41 | ||
| 42 | static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo) | ||
| 43 | { | ||
| 44 | struct crypto_shash *tfm = ima_shash_tfm; | ||
| 45 | int rc; | ||
| 46 | |||
| 47 | if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) { | ||
| 48 | tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0); | ||
| 49 | if (IS_ERR(tfm)) { | ||
| 50 | rc = PTR_ERR(tfm); | ||
| 51 | pr_err("Can not allocate %s (reason: %d)\n", | ||
| 52 | hash_algo_name[algo], rc); | ||
| 53 | } | ||
| 54 | } | ||
| 55 | return tfm; | ||
| 56 | } | ||
| 57 | |||
| 58 | static void ima_free_tfm(struct crypto_shash *tfm) | ||
| 59 | { | ||
| 60 | if (tfm != ima_shash_tfm) | ||
| 61 | crypto_free_shash(tfm); | ||
| 62 | } | ||
| 63 | |||
| 42 | /* | 64 | /* |
| 43 | * Calculate the MD5/SHA1 file digest | 65 | * Calculate the MD5/SHA1 file digest |
| 44 | */ | 66 | */ |
| @@ -57,6 +79,8 @@ static int ima_calc_file_hash_tfm(struct file *file, | |||
| 57 | desc.shash.tfm = tfm; | 79 | desc.shash.tfm = tfm; |
| 58 | desc.shash.flags = 0; | 80 | desc.shash.flags = 0; |
| 59 | 81 | ||
| 82 | hash->length = crypto_shash_digestsize(tfm); | ||
| 83 | |||
| 60 | rc = crypto_shash_init(&desc.shash); | 84 | rc = crypto_shash_init(&desc.shash); |
| 61 | if (rc != 0) | 85 | if (rc != 0) |
| 62 | return rc; | 86 | return rc; |
| @@ -98,25 +122,16 @@ out: | |||
| 98 | 122 | ||
| 99 | int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) | 123 | int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) |
| 100 | { | 124 | { |
| 101 | struct crypto_shash *tfm = ima_shash_tfm; | 125 | struct crypto_shash *tfm; |
| 102 | int rc; | 126 | int rc; |
| 103 | 127 | ||
| 104 | if (hash->algo != ima_hash_algo && hash->algo < HASH_ALGO__LAST) { | 128 | tfm = ima_alloc_tfm(hash->algo); |
| 105 | tfm = crypto_alloc_shash(hash_algo_name[hash->algo], 0, 0); | 129 | if (IS_ERR(tfm)) |
| 106 | if (IS_ERR(tfm)) { | 130 | return PTR_ERR(tfm); |
| 107 | rc = PTR_ERR(tfm); | ||
| 108 | pr_err("Can not allocate %s (reason: %d)\n", | ||
| 109 | hash_algo_name[hash->algo], rc); | ||
| 110 | return rc; | ||
| 111 | } | ||
| 112 | } | ||
| 113 | |||
| 114 | hash->length = crypto_shash_digestsize(tfm); | ||
| 115 | 131 | ||
| 116 | rc = ima_calc_file_hash_tfm(file, hash, tfm); | 132 | rc = ima_calc_file_hash_tfm(file, hash, tfm); |
| 117 | 133 | ||
| 118 | if (tfm != ima_shash_tfm) | 134 | ima_free_tfm(tfm); |
| 119 | crypto_free_shash(tfm); | ||
| 120 | 135 | ||
| 121 | return rc; | 136 | return rc; |
| 122 | } | 137 | } |