evm: key must be set once during initialization

On multi-core systems, setting of the key before every caclculation, causes invalid HMAC calculation for other tfm users, because internal state (ipad, opad) can be invalid before set key call returns. It needs to be set only once during initialization. Signed-off-by: N Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: N Mimi Zohar <zohar@us.ibm.com> Signed-off-by: N James Morris <jmorris@namei.org>

evm: key must be set once during initialization
On multi-core systems, setting of the key before every caclculation, causes invalid HMAC calculation for other tfm users, because internal state (ipad, opad) can be invalid before set key call returns. It needs to be set only once during initialization. Signed-off-by: N Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: N Mimi Zohar <zohar@us.ibm.com> Signed-off-by: N James Morris <jmorris@namei.org>
88d7ed35 · Dmitry Kasatkin · James Morris · fe0e94c5 · 88d7ed35
隐藏空白更改
内联并排

Showing with 8 addition and 7 deletion

security/integrity/evm/evm_crypto.c security/integrity/evm/evm_crypto.c +8 -7

未找到文件。
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -52,6 +52,14 @@ static struct shash_desc *init_desc(const char type)
 			*tfm = NULL;
 			return ERR_PTR(rc);
 		}
+		if (type == EVM_XATTR_HMAC) {
+			rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
+			if (rc) {
+				crypto_free_shash(*tfm);
+				*tfm = NULL;
+				return ERR_PTR(rc);
+			}
+		}
 	}

 	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
@@ -62,14 +70,7 @@ static struct shash_desc *init_desc(const char type)
 	desc->tfm = *tfm;
 	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;

-	if (type == EVM_XATTR_HMAC) {
-		rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
-		if (rc)
-			goto out;
-	}
-
 	rc = crypto_shash_init(desc);
-out:
 	if (rc) {
 		kfree(desc);
 		return ERR_PTR(rc);