Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / d21b59451886cb82448302f8d6f9ac87c3bd56cf^! / .
commitd21b59451886cb82448302f8d6f9ac87c3bd56cf[log] [tgz]
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>Mon Dec 05 13:17:41 2011 +0200
committerDmitry Kasatkin <dmitry.kasatkin@intel.com>Tue Dec 20 17:45:45 2011 +0200
treef2842dca9ee3c2c3febbe2f6984bb2c5e2a34c28
parent511585a28e5b5fd1cac61e601e42efc4c5dd64b5 [diff]
evm: key must be set once during initialization

On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 5dd5b140..4ad657d 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c

@@ -41,6 +41,12 @@
 			hmac_tfm = NULL;
 			return ERR_PTR(rc);
 		}
+		rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
+		if (rc) {
+			crypto_free_shash(hmac_tfm);
+			hmac_tfm = NULL;
+			return ERR_PTR(rc);
+		}
 	}
 
 	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac_tfm),
@@ -51,11 +57,7 @@
 	desc->tfm = hmac_tfm;
 	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
-	if (rc)
-		goto out;
 	rc = crypto_shash_init(desc);
-out:
 	if (rc) {
 		kfree(desc);
 		return ERR_PTR(rc);