evm: key must be set once during initialization

On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.

Signed-off-by: Dmitry Kasatkin <[email protected]>
Acked-by: Mimi Zohar <[email protected]>
Signed-off-by: James Morris <[email protected]>

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 5dd5b140242cd8872b255c9e88878ab56155d07c..4ad657d8809730d8db975e699dc79696634f9d8a 100644 (file)
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -41,6 +41,12 @@ static struct shash_desc *init_desc(void)
                        hmac_tfm = NULL;
                        return ERR_PTR(rc);
                }
+               rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
+               if (rc) {
+                       crypto_free_shash(hmac_tfm);
+                       hmac_tfm = NULL;
+                       return ERR_PTR(rc);
+               }
        }
 
        desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(hmac_tfm),
@@ -51,11 +57,7 @@ static struct shash_desc *init_desc(void)
        desc->tfm = hmac_tfm;
        desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 
-       rc = crypto_shash_setkey(hmac_tfm, evmkey, evmkey_len);
-       if (rc)
-               goto out;
        rc = crypto_shash_init(desc);
-out:
        if (rc) {
                kfree(desc);
                return ERR_PTR(rc);