crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the
"skcipher" API, calls to crypto_skcipher_setkey() don't pass on the
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes
self-test failures for ecb(des), as weak keys are not rejected anymore.
Fix this.
Fixes: 31865c4c4d
("crypto: skcipher - Add lskcipher")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
5acab6eb59
commit
7ec0a09d4e
@ -194,14 +194,6 @@ int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt);
|
||||
|
||||
int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
|
||||
unsigned int keylen)
|
||||
{
|
||||
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
|
||||
|
||||
return crypto_lskcipher_setkey(*ctx, key, keylen);
|
||||
}
|
||||
|
||||
static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
|
||||
int (*crypt)(struct crypto_lskcipher *tfm,
|
||||
const u8 *src, u8 *dst,
|
||||
|
@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
||||
int err;
|
||||
|
||||
if (cipher->co.base.cra_type != &crypto_skcipher_type) {
|
||||
err = crypto_lskcipher_setkey_sg(tfm, key, keylen);
|
||||
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
|
||||
|
||||
crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
|
||||
crypto_lskcipher_set_flags(*ctx,
|
||||
crypto_skcipher_get_flags(tfm) &
|
||||
CRYPTO_TFM_REQ_MASK);
|
||||
err = crypto_lskcipher_setkey(*ctx, key, keylen);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -20,8 +20,6 @@ static inline struct crypto_istat_cipher *skcipher_get_stat_common(
|
||||
#endif
|
||||
}
|
||||
|
||||
int crypto_lskcipher_setkey_sg(struct crypto_skcipher *tfm, const u8 *key,
|
||||
unsigned int keylen);
|
||||
int crypto_lskcipher_encrypt_sg(struct skcipher_request *req);
|
||||
int crypto_lskcipher_decrypt_sg(struct skcipher_request *req);
|
||||
int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm);
|
||||
|
Loading…
Reference in New Issue
Block a user