Commit 88d7ed35 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by James Morris

evm: key must be set once during initialization

On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.
Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent fe0e94c5
...@@ -52,6 +52,14 @@ static struct shash_desc *init_desc(const char type) ...@@ -52,6 +52,14 @@ static struct shash_desc *init_desc(const char type)
*tfm = NULL; *tfm = NULL;
return ERR_PTR(rc); return ERR_PTR(rc);
} }
if (type == EVM_XATTR_HMAC) {
rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
if (rc) {
crypto_free_shash(*tfm);
*tfm = NULL;
return ERR_PTR(rc);
}
}
} }
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
...@@ -62,14 +70,7 @@ static struct shash_desc *init_desc(const char type) ...@@ -62,14 +70,7 @@ static struct shash_desc *init_desc(const char type)
desc->tfm = *tfm; desc->tfm = *tfm;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
if (type == EVM_XATTR_HMAC) {
rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
if (rc)
goto out;
}
rc = crypto_shash_init(desc); rc = crypto_shash_init(desc);
out:
if (rc) { if (rc) {
kfree(desc); kfree(desc);
return ERR_PTR(rc); return ERR_PTR(rc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment