Skip to content

GitLab

Switch branch/tag
History Find file
Clone
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Eric Biggers authored 
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context.  In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.

It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms.  Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.

Note: we can't set CRYPTO_TFM_NEED_KEY for OPTIONAL_KEY algorithms, so
->setkey() for those must nevertheless be atomic.  That's fine for now
since only the crc32 and crc32c algorithms set OPTIONAL_KEY, and it's
not intended that OPTIONAL_KEY be used much.

[Cc stable mainly because when introducing the NEED_KEY flag I changed
 AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
 previously didn't have this problem.  So these "incompletely keyed"
 states became theoretically accessible via AF_ALG -- though, the
 opportunities for causing real mischief seem pretty limited.]

Fixes: 9fa68f62

 ("crypto: hash - prevent using keyed hashes without setting key")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
ba7d7433
Name Last commit Last update
Documentation Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
LICENSES Merge tag 'docs-4.20' of git://git.lwn.net/linux
arch Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
block Merge tag 'for-4.21/block-20190102' of git://git.kernel.dk/linux-block
certs kbuild: remove redundant target cleaning on failure
crypto crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
drivers crypto: virtio - clean up indentation, replace spaces with tab
firmware kbuild: change filechk to surround the given command with { }
fs Merge tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt
include crypto: algapi - remove crypto_alloc_instance()
init jump_label: move 'asm goto' support test to Kconfig
ipc ipc: IPCMNI limit check for semmni
kernel Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
lib Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
mm Change mincore() to count "mapped" pages rather than "cached" pages
net jump_label: move 'asm goto' support test to Kconfig
samples Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
scripts kconfig: rename generated .*conf-cfg to *conf-cfg
security Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
sound Remove 'type' argument from access_ok() function
tools Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
usr user/Makefile: Fix typo and capitalization in comment section
virt Merge branch 'akpm' (patches from Andrew)
.clang-format page cache: Convert find_get_pages_contig to XArray
.cocciconfig scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
README
Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7