diff options
| author | Eric Biggers <ebiggers@google.com> | 2018-01-03 14:16:30 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-01-12 07:03:39 -0500 |
| commit | dc26c17f743aa8e4720a5fda577dde855f2e36f8 (patch) | |
| tree | fcd23cb048b79d5d3a83a0901aae8289da8e46cc /crypto/algif_aead.c | |
| parent | f8d33fac84806eebd2ba31a3136066eeca19255f (diff) | |
crypto: aead - prevent using AEADs without setting key
Similar to what was done for the hash API, update the AEAD API to track
whether each transform has been keyed, and reject encryption/decryption
if a key is needed but one hasn't been set.
This isn't quite as important as the equivalent fix for the hash API
because AEADs always require a key, so are unlikely to be used without
one. Still, tracking the key will prevent accidental unkeyed use.
algif_aead also had to track the key anyway, so the new flag replaces
that and slightly simplifies the algif_aead implementation.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/algif_aead.c')
| -rw-r--r-- | crypto/algif_aead.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index d963c8cf8a55..4b07edd5a9ff 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c | |||
| @@ -42,7 +42,6 @@ | |||
| 42 | 42 | ||
| 43 | struct aead_tfm { | 43 | struct aead_tfm { |
| 44 | struct crypto_aead *aead; | 44 | struct crypto_aead *aead; |
| 45 | bool has_key; | ||
| 46 | struct crypto_skcipher *null_tfm; | 45 | struct crypto_skcipher *null_tfm; |
| 47 | }; | 46 | }; |
| 48 | 47 | ||
| @@ -398,7 +397,7 @@ static int aead_check_key(struct socket *sock) | |||
| 398 | 397 | ||
| 399 | err = -ENOKEY; | 398 | err = -ENOKEY; |
| 400 | lock_sock_nested(psk, SINGLE_DEPTH_NESTING); | 399 | lock_sock_nested(psk, SINGLE_DEPTH_NESTING); |
| 401 | if (!tfm->has_key) | 400 | if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY) |
| 402 | goto unlock; | 401 | goto unlock; |
| 403 | 402 | ||
| 404 | if (!pask->refcnt++) | 403 | if (!pask->refcnt++) |
| @@ -523,12 +522,8 @@ static int aead_setauthsize(void *private, unsigned int authsize) | |||
| 523 | static int aead_setkey(void *private, const u8 *key, unsigned int keylen) | 522 | static int aead_setkey(void *private, const u8 *key, unsigned int keylen) |
| 524 | { | 523 | { |
| 525 | struct aead_tfm *tfm = private; | 524 | struct aead_tfm *tfm = private; |
| 526 | int err; | ||
| 527 | |||
| 528 | err = crypto_aead_setkey(tfm->aead, key, keylen); | ||
| 529 | tfm->has_key = !err; | ||
| 530 | 525 | ||
| 531 | return err; | 526 | return crypto_aead_setkey(tfm->aead, key, keylen); |
| 532 | } | 527 | } |
| 533 | 528 | ||
| 534 | static void aead_sock_destruct(struct sock *sk) | 529 | static void aead_sock_destruct(struct sock *sk) |
| @@ -589,7 +584,7 @@ static int aead_accept_parent(void *private, struct sock *sk) | |||
| 589 | { | 584 | { |
| 590 | struct aead_tfm *tfm = private; | 585 | struct aead_tfm *tfm = private; |
| 591 | 586 | ||
| 592 | if (!tfm->has_key) | 587 | if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY) |
| 593 | return -ENOKEY; | 588 | return -ENOKEY; |
| 594 | 589 | ||
| 595 | return aead_accept_parent_nokey(private, sk); | 590 | return aead_accept_parent_nokey(private, sk); |