summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-12-05 15:17:41 +0400
committerDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-12-20 19:45:45 +0400
commitd21b59451886cb82448302f8d6f9ac87c3bd56cf (patch)
treef2842dca9ee3c2c3febbe2f6984bb2c5e2a34c28
parent511585a28e5b5fd1cac61e601e42efc4c5dd64b5 (diff)
downloadlinux-d21b59451886cb82448302f8d6f9ac87c3bd56cf.tar.xz
evm: key must be set once during initialization
On multi-core systems, setting of the key before every caclculation, causes invalid HMAC calculation for other tfm users, because internal state (ipad, opad) can be invalid before set key call returns. It needs to be set only once during initialization. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/integrity/evm/evm_crypto.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 5dd5b140242c..4ad657d88097 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -41,6 +41,12 @@ static struct shash_desc *init_desc(void)
hmac_tfm = NULL;
return ERR_PTR(rc);
}
+ rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
+ if (rc) {
+ crypto_free_shash(hmac_tfm);
+ hmac_tfm = NULL;
+ return ERR_PTR(rc);
+ }
}
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac_tfm),
@@ -51,11 +57,7 @@ static struct shash_desc *init_desc(void)
desc->tfm = hmac_tfm;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
- rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
- if (rc)
- goto out;
rc = crypto_shash_init(desc);
-out:
if (rc) {
kfree(desc);
return ERR_PTR(rc);