diff options
| author | Eric Biggers <ebiggers@google.com> | 2023-10-12 22:56:13 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-10-20 13:39:26 +0800 |
| commit | 6dac6980754c6e19dc1f82dbd8c0a3383e26cf98 (patch) | |
| tree | face20052cfccf3734aa613908b709e0005f9312 /crypto/skcipher.c | |
| parent | ab230b6c7e63b47b853c2bb6023c26c054c2d6c5 (diff) | |
| download | linux-crypto-6dac6980754c6e19dc1f82dbd8c0a3383e26cf98.tar.gz linux-crypto-6dac6980754c6e19dc1f82dbd8c0a3383e26cf98.zip | |
crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the
"skcipher" API, calls to crypto_skcipher_setkey() don't pass on the
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes
self-test failures for ecb(des), as weak keys are not rejected anymore.
Fix this.
Fixes: 17155679d03d ("crypto: skcipher - Add lskcipher")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/skcipher.c')
| -rw-r--r-- | crypto/skcipher.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/skcipher.c b/crypto/skcipher.c index b9496dc8..ac8b8c04 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, int err; if (cipher->co.base.cra_type != &crypto_skcipher_type) { - err = crypto_lskcipher_setkey_sg(tfm, key, keylen); + struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm); + + crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK); + crypto_lskcipher_set_flags(*ctx, + crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); + err = crypto_lskcipher_setkey(*ctx, key, keylen); goto out; } |