git/linux-net
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/ synced 2026-04-17 22:23:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

crypto: skcipher - fix weak key check for lskciphers

Browse Source 
When an algorithm of the new "lskcipher" type is exposed through the
"skcipher" API, calls to crypto_skcipher_setkey() don't pass on the
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher.  This causes
self-test failures for ecb(des), as weak keys are not rejected anymore.
Fix this.

Fixes: 31865c4c4d ("crypto: skcipher - Add lskcipher")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Eric Biggers
2023-10-12 22:56:13 -07:00
committed by Herbert Xu
parent 5acab6eb59
commit 7ec0a09d4e
3 changed files with 7 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/skcipher.c
View File

@@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
int err;
if (cipher->co.base.cra_type != &crypto_skcipher_type) {
err = crypto_lskcipher_setkey_sg(tfm, key, keylen);
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
crypto_lskcipher_set_flags(*ctx,
crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
err = crypto_lskcipher_setkey(*ctx, key, keylen);
goto out;
}