diff options
| author | Eric Biggers <ebiggers@google.com> | 2023-10-12 22:56:13 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-10-20 13:39:26 +0800 |
| commit | 7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6 (patch) | |
| tree | 368d41914a5276acc8be1e2df006655e43b25e5f /crypto | |
| parent | 5acab6eb592387191c1bb745ba9b815e1e076db5 (diff) | |
| download | linux-7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6.tar.gz | |
crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the
"skcipher" API, calls to crypto_skcipher_setkey() don't pass on the
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes
self-test failures for ecb(des), as weak keys are not rejected anymore.
Fix this.
Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/lskcipher.c | 8 | ||||
| -rw-r--r-- | crypto/skcipher.c | 8 | ||||
| -rw-r--r-- | crypto/skcipher.h | 2 |
3 files changed, 7 insertions, 11 deletions
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c index cb6170ebcaa36c..9edc897309510b 100644 --- a/crypto/lskcipher.c +++ b/crypto/lskcipher.c @@ -194,14 +194,6 @@ int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src, } EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt); -int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen) -{ - struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm); - - return crypto_lskcipher_setkey(*ctx, key, keylen); -} - static int crypto_lskcipher_crypt_sg(struct skcipher_request *req, int (*crypt)(struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, diff --git a/crypto/skcipher.c b/crypto/skcipher.c index b9496dc8a609f6..ac8b8c04265429 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, int err; if (cipher->co.base.cra_type != &crypto_skcipher_type) { - err = crypto_lskcipher_setkey_sg(tfm, key, keylen); + struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm); + + crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK); + crypto_lskcipher_set_flags(*ctx, + crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); + err = crypto_lskcipher_setkey(*ctx, key, keylen); goto out; } diff --git a/crypto/skcipher.h b/crypto/skcipher.h index 6f1295f0fef24f..16c9484360dab0 100644 --- a/crypto/skcipher.h +++ b/crypto/skcipher.h @@ -20,8 +20,6 @@ static inline struct crypto_istat_cipher *skcipher_get_stat_common( #endif } -int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen); int crypto_lskcipher_encrypt_sg(struct skcipher_request *req); int crypto_lskcipher_decrypt_sg(struct skcipher_request *req); int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm); |