Skip to content

Commit dd50458

Browse files
herbertxherbertx
committed
crypto: algif_skcipher - Require setkey before accept(2)
Some cipher implementations will crash if you try to use them without calling setkey first. This patch adds a check so that the accept(2) call will fail with -ENOKEY if setkey hasn't been done on the socket yet. Cc: [email protected] Reported-by: Dmitry Vyukov <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Tested-by: Dmitry Vyukov <[email protected]>
1 parent c597b6b commit dd50458

File tree

1 file changed

+41
-7
lines changed

1 file changed

+41
-7
lines changed

crypto/algif_skcipher.c

Lines changed: 41 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,11 @@ struct skcipher_sg_list {
3131
struct scatterlist sg[0];
3232
};
3333

34+
struct skcipher_tfm {
35+
struct crypto_skcipher *skcipher;
36+
bool has_key;
37+
};
38+
3439
struct skcipher_ctx {
3540
struct list_head tsgl;
3641
struct af_alg_sgl rsgl;
@@ -750,17 +755,41 @@ static struct proto_ops algif_skcipher_ops = {
750755

751756
static void *skcipher_bind(const char *name, u32 type, u32 mask)
752757
{
753-
return crypto_alloc_skcipher(name, type, mask);
758+
struct skcipher_tfm *tfm;
759+
struct crypto_skcipher *skcipher;
760+
761+
tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
762+
if (!tfm)
763+
return ERR_PTR(-ENOMEM);
764+
765+
skcipher = crypto_alloc_skcipher(name, type, mask);
766+
if (IS_ERR(skcipher)) {
767+
kfree(tfm);
768+
return ERR_CAST(skcipher);
769+
}
770+
771+
tfm->skcipher = skcipher;
772+
773+
return tfm;
754774
}
755775

756776
static void skcipher_release(void *private)
757777
{
758-
crypto_free_skcipher(private);
778+
struct skcipher_tfm *tfm = private;
779+
780+
crypto_free_skcipher(tfm->skcipher);
781+
kfree(tfm);
759782
}
760783

761784
static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
762785
{
763-
return crypto_skcipher_setkey(private, key, keylen);
786+
struct skcipher_tfm *tfm = private;
787+
int err;
788+
789+
err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
790+
tfm->has_key = !err;
791+
792+
return err;
764793
}
765794

766795
static void skcipher_wait(struct sock *sk)
@@ -792,20 +821,25 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
792821
{
793822
struct skcipher_ctx *ctx;
794823
struct alg_sock *ask = alg_sk(sk);
795-
unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(private);
824+
struct skcipher_tfm *tfm = private;
825+
struct crypto_skcipher *skcipher = tfm->skcipher;
826+
unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher);
827+
828+
if (!tfm->has_key)
829+
return -ENOKEY;
796830

797831
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
798832
if (!ctx)
799833
return -ENOMEM;
800834

801-
ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(private),
835+
ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher),
802836
GFP_KERNEL);
803837
if (!ctx->iv) {
804838
sock_kfree_s(sk, ctx, len);
805839
return -ENOMEM;
806840
}
807841

808-
memset(ctx->iv, 0, crypto_skcipher_ivsize(private));
842+
memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher));
809843

810844
INIT_LIST_HEAD(&ctx->tsgl);
811845
ctx->len = len;
@@ -818,7 +852,7 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
818852

819853
ask->private = ctx;
820854

821-
skcipher_request_set_tfm(&ctx->req, private);
855+
skcipher_request_set_tfm(&ctx->req, skcipher);
822856
skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
823857
af_alg_complete, &ctx->completion);
824858

0 commit comments

Comments
 (0)