[PATCH 1/2] MODSIGN: check hash of kernel module in blacklist
David Howells
dhowells at redhat.com
Wed Dec 11 14:49:31 UTC 2013
Lee, Chun-Yi <joeyli.kernel at gmail.com> wrote:
> + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
> + digest_size = crypto_shash_digestsize(tfm);
> + digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
> + if (!digest) {
> + pr_err("digest memory buffer allocate fail\n");
> + ret = -ENOMEM;
> + goto error_digest;
> + }
> + desc = (void *)digest + digest_size;
> + desc->tfm = tfm;
> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
> + ret = crypto_shash_init(desc);
> + if (ret < 0)
> + goto error_shash;
> +
> + ret = crypto_shash_finup(desc, mod, modlen, digest);
> + if (ret < 0)
> + goto error_shash;
Can you use the digest generated by mod_make_digest() to avoid computing the
hash twice?
David
More information about the kernel
mailing list