From 7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Thu, 12 Oct 2023 22:56:13 -0700
Subject: crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes self-test failures for ecb(des), as weak keys are not rejected anymore. Fix this.
Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher")
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
---
 crypto/lskcipher.c | 8 --------
 crypto/skcipher.c | 8 +++++++-
 crypto/skcipher.h | 2 --
 3 files changed, 7 insertions(+), 11 deletions(-)
(limited to 'crypto')
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index cb6170ebcaa3..9edc89730951 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -194,14 +194,6 @@ int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
 }
 EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt);
-int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
-
- return crypto_lskcipher_setkey(*ctx, key, keylen);
-}
-
 static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
 int (*crypt)(struct crypto_lskcipher *tfm,
 const u8 *src, u8 *dst,
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index b9496dc8a609..ac8b8c042654 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
 int err;
 if (cipher->co.base.cra_type != &crypto_skcipher_type) {
- err = crypto_lskcipher_setkey_sg(tfm, key, keylen);
+ struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
+
+ crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
+ crypto_lskcipher_set_flags(*ctx,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_lskcipher_setkey(*ctx, key, keylen);
 goto out;
 }
diff --git a/crypto/skcipher.h b/crypto/skcipher.h
index 6f1295f0fef2..16c9484360da 100644
--- a/crypto/skcipher.h
+++ b/crypto/skcipher.h
@@ -20,8 +20,6 @@ static inline struct crypto_istat_cipher *skcipher_get_stat_common(
 #endif
 }
-int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keylen);
 int crypto_lskcipher_encrypt_sg(struct skcipher_request *req);
 int crypto_lskcipher_decrypt_sg(struct skcipher_request *req);
 int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm);
-- cgit v1.2.3
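Review bot: The flag-forwarding lines added to the lskcipher branch of crypto_skcipher_setkey() in crypto/skcipher.c carry no comment saying that they are what delivers CRYPTO_TFM_REQ_FORBID_WEAK_KEYS to the wrapped transform, so a later refactor could drop them as quietly as the regression described in the commit message. I would put this above the clear/set pair: `/* Forward the request flags, notably CRYPTO_TFM_REQ_FORBID_WEAK_KEYS, so the inner lskcipher's setkey enforces the caller's weak-key policy. */`. The flags are copied only at this call, so flags changed on the outer tfm afterwards would presumably not reach `*ctx` until the next setkey; that looks intentional because the weak-key check happens at setkey time, but it is worth stating in the same comment. The function continues past the hunk at the `out` label, which is not visible here.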