Hi David,
First, thanks for your review and suggestion!
於 三,2013-12-11 於 14:49 +0000,David Howells 提到:
> Lee, Chun-Yi <joeyli.kernel@xxxxxxxxx> wrote:
>
> > + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
> > + digest_size = crypto_shash_digestsize(tfm);
> > + digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
> > + if (!digest) {
> > + pr_err("digest memory buffer allocate fail\n");
> > + ret = -ENOMEM;
> > + goto error_digest;
> > + }
> > + desc = (void *)digest + digest_size;
> > + desc->tfm = tfm;
> > + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
> > + ret = crypto_shash_init(desc);
> > + if (ret < 0)
> > + goto error_shash;
> > +
> > + ret = crypto_shash_finup(desc, mod, modlen, digest);
> > + if (ret < 0)
> > + goto error_shash;
>
> Can you use the digest generated by mod_make_digest() to avoid computing the
> hash twice?
>
> David
>
My original thinking is the algorithm of blacklisted hashes may not the
same with the hash of kernel module signature. But as you point out, now
I think maybe don't need this flexibility.
In next version, I will use the same hash algorithm as mod_make_digest()
to void computing it twice.
Thanks a lot!
Joey Lee
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
