Commit 456bee98 authored by Herbert Xu's avatar Herbert Xu
Browse files

KEYS: Fix skcipher IV clobbering

The IV must not be modified by the skcipher operation so we need
to duplicate it.

Fixes: c3917fd9

 ("KEYS: Use skcipher")
Cc: stable@vger.kernel.org
Reported-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 2db34e78
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
#include <linux/rcupdate.h> #include <linux/rcupdate.h>
#include <linux/scatterlist.h> #include <linux/scatterlist.h>
#include <linux/ctype.h> #include <linux/ctype.h>
#include <crypto/aes.h>
#include <crypto/hash.h> #include <crypto/hash.h>
#include <crypto/sha.h> #include <crypto/sha.h>
#include <crypto/skcipher.h> #include <crypto/skcipher.h>
...@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ...@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
struct crypto_skcipher *tfm; struct crypto_skcipher *tfm;
struct skcipher_request *req; struct skcipher_request *req;
unsigned int encrypted_datalen; unsigned int encrypted_datalen;
u8 iv[AES_BLOCK_SIZE];
unsigned int padlen; unsigned int padlen;
char pad[16]; char pad[16];
int ret; int ret;
...@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ...@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
sg_init_table(sg_out, 1); sg_init_table(sg_out, 1);
sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen); sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, memcpy(iv, epayload->iv, sizeof(iv));
epayload->iv); skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
ret = crypto_skcipher_encrypt(req); ret = crypto_skcipher_encrypt(req);
tfm = crypto_skcipher_reqtfm(req); tfm = crypto_skcipher_reqtfm(req);
skcipher_request_free(req); skcipher_request_free(req);
...@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload, ...@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
struct crypto_skcipher *tfm; struct crypto_skcipher *tfm;
struct skcipher_request *req; struct skcipher_request *req;
unsigned int encrypted_datalen; unsigned int encrypted_datalen;
u8 iv[AES_BLOCK_SIZE];
char pad[16]; char pad[16];
int ret; int ret;
...@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload, ...@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
epayload->decrypted_datalen); epayload->decrypted_datalen);
sg_set_buf(&sg_out[1], pad, sizeof pad); sg_set_buf(&sg_out[1], pad, sizeof pad);
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, memcpy(iv, epayload->iv, sizeof(iv));
epayload->iv); skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
ret = crypto_skcipher_decrypt(req); ret = crypto_skcipher_decrypt(req);
tfm = crypto_skcipher_reqtfm(req); tfm = crypto_skcipher_reqtfm(req);
skcipher_request_free(req); skcipher_request_free(req);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment