Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-12 07:01:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

evm: key must be set once during initialization

Browse Source 
On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Dmitry Kasatkin 2011-12-05 13:17:41 +02:00
parent 511585a28e
commit d21b594518
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/integrity/evm/evm_crypto.c
View File

@ -41,6 +41,12 @@ static struct shash_desc *init_desc(void)
hmac_tfm = NULL;
return ERR_PTR(rc);
}
rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
if (rc) {
crypto_free_shash(hmac_tfm);
hmac_tfm = NULL;
return ERR_PTR(rc);
}
}
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac_tfm),
@ -51,11 +57,7 @@ static struct shash_desc *init_desc(void)
desc->tfm = hmac_tfm;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
if (rc)
goto out;
rc = crypto_shash_init(desc);
out:
if (rc) {
kfree(desc);
return ERR_PTR(rc);