Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88d7ed35 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by James Morris
Browse files

evm: key must be set once during initialization 



On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.

Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent fe0e94c5

security/integrity/evm/evm_crypto.c

+8 −7
Original line number Diff line number Diff line
@@ -52,6 +52,14 @@ static struct shash_desc *init_desc(const char type) 
			*tfm = NULL;

			return ERR_PTR(rc);

		}

		if (type == EVM_XATTR_HMAC) {

			rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);

			if (rc) {

				crypto_free_shash(*tfm);

				*tfm = NULL;

				return ERR_PTR(rc);

			}

		}

	}



	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
@@ -62,14 +70,7 @@ static struct shash_desc *init_desc(const char type) 
	desc->tfm = *tfm;

	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;



	if (type == EVM_XATTR_HMAC) {

		rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);

		if (rc)

			goto out;

	}



	rc = crypto_shash_init(desc);

out:

	if (rc) {

		kfree(desc);

		return ERR_PTR(rc);