summaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2023-10-12 22:56:13 -0700
committerHerbert Xu <herbert@gondor.apana.org.au>2023-10-20 13:39:26 +0800
commit7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6 (patch)
tree368d41914a5276acc8be1e2df006655e43b25e5f /crypto
parent5acab6eb592387191c1bb745ba9b815e1e076db5 (diff)
downloadlwn-7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6.tar.gz
lwn-7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6.zip
crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes self-test failures for ecb(des), as weak keys are not rejected anymore. Fix this. Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/lskcipher.c8
-rw-r--r--crypto/skcipher.c8
-rw-r--r--crypto/skcipher.h2
3 files changed, 7 insertions, 11 deletions
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index cb6170ebcaa3..9edc89730951 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -194,14 +194,6 @@ int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
}
EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt);
-int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
-
- return crypto_lskcipher_setkey(*ctx, key, keylen);
-}
-
static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
int (*crypt)(struct crypto_lskcipher *tfm,
const u8 *src, u8 *dst,
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index b9496dc8a609..ac8b8c042654 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
int err;
if (cipher->co.base.cra_type != &crypto_skcipher_type) {
- err = crypto_lskcipher_setkey_sg(tfm, key, keylen);
+ struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
+
+ crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
+ crypto_lskcipher_set_flags(*ctx,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_lskcipher_setkey(*ctx, key, keylen);
goto out;
}
diff --git a/crypto/skcipher.h b/crypto/skcipher.h
index 6f1295f0fef2..16c9484360da 100644
--- a/crypto/skcipher.h
+++ b/crypto/skcipher.h
@@ -20,8 +20,6 @@ static inline struct crypto_istat_cipher *skcipher_get_stat_common(
#endif
}
-int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keylen);
int crypto_lskcipher_encrypt_sg(struct skcipher_request *req);
int crypto_lskcipher_decrypt_sg(struct skcipher_request *req);
int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm);