On 3/9/2026 4:03 PM, Mimi Zohar wrote:
On Thu, 2026-02-19 at 10:26 +0100, Roberto Sassu wrote:
On Thu, 2026-02-05 at 21:42 -0500, Daniel Hodges wrote:
The crypto_shash_update() and crypto_shash_final() functions can fail
and return error codes, but their return values were not being checked
in several places in security/integrity/evm/evm_crypto.c:
- hmac_add_misc() ignored returns from crypto_shash_update() and
crypto_shash_final()
- evm_calc_hmac_or_hash() ignored returns from crypto_shash_update()
- evm_init_hmac() ignored returns from crypto_shash_update()
If these hash operations fail silently, the resulting HMAC could be
invalid or incomplete, which could weaken the integrity verification
security that EVM provides.
This patch converts hmac_add_misc() from void to int return type and
adds proper error checking and propagation for all crypto_shash_*
function calls. All callers are updated to handle the new return values.
Additionally, error messages are logged when cryptographic operations
fail to provide visibility into the failure rather than silently
returning error codes.
Fixes: 66dbc325afce ("evm: re-release")
Signed-off-by: Daniel Hodges <[email protected]>
After fixing the minor issue below:
Reviewed-by: Roberto Sassu <[email protected]>
Thanks Daniel, Roberto. Daniel there are a couple of places where the line
length is greater than 80. To see them, add "--max-line-length=80" to
scripts/checkpatch.pl. I'd appreciate your fixing them. Otherwise, the patch
looks good.
Daniel, do you have time to fix the style issues, so that we upstream
your patch?
Thanks
Roberto
