From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 3/3] crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Date: Sun, 6 Jan 2019 18:47:44 -0800 [thread overview]
Message-ID: <20190107024744.4952-4-ebiggers@kernel.org> (raw)
In-Reply-To: <20190107024744.4952-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in gcm.c, if the kzalloc() fails due to lack of memory,
then the CTR part of GCM will have the new key but GHASH will not.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails, to prevent the tfm from being
used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: dc26c17f743a ("crypto: aead - prevent using AEADs without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/aead.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 189c52d1f63ab..4908b5e846f0e 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -61,8 +61,10 @@ int crypto_aead_setkey(struct crypto_aead *tfm,
else
err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
- if (err)
+ if (unlikely(err)) {
+ crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
return err;
+ }
crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
--
2.20.1
next prev parent reply other threads:[~2019-01-07 2:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-07 2:47 [PATCH 0/3] crypto: set CRYPTO_TFM_NEED_KEY if ->setkey() fails Eric Biggers
2019-01-07 2:47 ` [PATCH 1/3] crypto: hash - " Eric Biggers
2019-01-07 2:47 ` [PATCH 2/3] crypto: skcipher " Eric Biggers
2019-01-07 2:47 ` Eric Biggers [this message]
2019-01-18 10:55 ` [PATCH 0/3] crypto: " Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190107024744.4952-4-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).