Hi David,
First, thanks for your review and suggestion!
於 三,2013-12-11 於 14:49 +0000,David Howells 提到:
Lee, Chun-Yi <joeyli.kernel(a)gmail.com> wrote:
> + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
> + digest_size = crypto_shash_digestsize(tfm);
> + digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
> + if (!digest) {
> + pr_err("digest memory buffer allocate fail\n");
> + ret = -ENOMEM;
> + goto error_digest;
> + }
> + desc = (void *)digest + digest_size;
> + desc->tfm = tfm;
> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
> + ret = crypto_shash_init(desc);
> + if (ret < 0)
> + goto error_shash;
> +
> + ret = crypto_shash_finup(desc, mod, modlen, digest);
> + if (ret < 0)
> + goto error_shash;
Can you use the digest generated by mod_make_digest() to avoid computing the
hash twice?
David
My original thinking is the algorithm of blacklisted hashes may not the
same with the hash of kernel module signature. But as you point out, now
I think maybe don't need this flexibility.
In next version, I will use the same hash algorithm as mod_make_digest()
to void computing it twice.
Thanks a lot!
Joey Lee