Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp608104img; Fri, 22 Mar 2019 05:05:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqxB8t6Sf2WNTZi2cXrhk6wGjfAN+GJOe1e84cNL10HNVrjpr8/6vSS3NIrROEemUbGFmRhp X-Received: by 2002:a62:469a:: with SMTP id o26mr9014607pfi.251.1553256304463; Fri, 22 Mar 2019 05:05:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553256304; cv=none; d=google.com; s=arc-20160816; b=JTME25iN4xCAqf1syVJOhwM5ukaiBFH3wGV+x8WL3qufGtnVAwrQ2cBci7P5oZclP7 bk9byLU0OvO8VcuYAiqHQMmhFwlZFDjekibpv4DZTZNM+eXjuMkxoa+jn2aNpdNf8Ujf zDTOtH6WBL5YL1XegDoDX2Q6tFmkUpjhQXzXSvH0EzSvTDhekr8HX8YJmnzNrdtJXqHY A3UJHOcMq6OXPoZD+P114/ojG9EQStsifDHG8bSOh/O+ME+q1avBBV9zEjpA2rRzTgbQ bG6Z6EVcJr/ZbOeiFClEdgOpqGrQPBlBStbYWzG66pDxaJVI2OG/bk9BPVIOixykqK4n XPxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=BEUh8h5GWQMcW7MSpgMu8NrdyW0etYantz3qXmOg/E0=; b=qVFQquNg563PN1dqeSCQa/B5VQVEy7+eNL/Z5yA52q+nl53j1cUHOGgjFkqFdUH/jS XgjZawmX/NGbs7mHBSrWx7+Bgds+Uz1PoFe9PRsbWcWbSOkW3fLZ2jThnyB6wzDrhAgF VjTlvWvLuZp6cNJG8Je79xTwmrd/IyTVRH7Bd+25BOOEPVjLLwDeT1azo5UySPG+RuvK hOW6DoFBPN3NYI4UGCX1r8iobWgXytLGSXT7QMIh5xCqDx1KtQTISoiInlEWWt3kHrlK DXp+84uzXVXD/ndJCBGizPe9qFyyoMHhmal3dtHb9DxlKwyVcKIYdDOVEVZhrdoawmY/ tpnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DJXGWPT6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n9si6636178pgc.472.2019.03.22.05.04.49; Fri, 22 Mar 2019 05:05:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DJXGWPT6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388523AbfCVMDa (ORCPT + 99 others); Fri, 22 Mar 2019 08:03:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:41790 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388006AbfCVMD0 (ORCPT ); Fri, 22 Mar 2019 08:03:26 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2CEAB2192D; Fri, 22 Mar 2019 12:03:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553256205; bh=QbvNhy8Ej3o/CvzZ4WzmYdmiQJ0Rx7RPSEEQJZ08JTM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DJXGWPT6mlWlx26XvEfCGY0jYPWhV7JRdR+qasCTzuaoiA4/OEasIih2kXrS/3MFl rtrPkR6iCbtr9HQBuwaZPK4qAVioEAl4hJDnNBdf/Ga+N+NU+n3LYavfQabNUM4BD2 7n2y19d2cgcZ6JhNdXvK7YrnKxZhWjGVnpQ2GTUw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Herbert Xu Subject: [PATCH 4.19 122/280] crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails Date: Fri, 22 Mar 2019 12:14:35 +0100 Message-Id: <20190322111315.233781299@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111306.356185024@linuxfoundation.org> References: <20190322111306.356185024@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Biggers commit 6ebc97006b196aafa9df0497fdfa866cf26f259b upstream. Some algorithms have a ->setkey() method that is not atomic, in the sense that setting a key can fail after changes were already made to the tfm context. In this case, if a key was already set the tfm can end up in a state that corresponds to neither the old key nor the new key. For example, in gcm.c, if the kzalloc() fails due to lack of memory, then the CTR part of GCM will have the new key but GHASH will not. It's not feasible to make all ->setkey() methods atomic, especially ones that have to key multiple sub-tfms. Therefore, make the crypto API set CRYPTO_TFM_NEED_KEY if ->setkey() fails, to prevent the tfm from being used until a new key is set. [Cc stable mainly because when introducing the NEED_KEY flag I changed AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG previously didn't have this problem. So these "incompletely keyed" states became theoretically accessible via AF_ALG -- though, the opportunities for causing real mischief seem pretty limited.] Fixes: dc26c17f743a ("crypto: aead - prevent using AEADs without setting key") Cc: # v4.16+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/crypto/aead.c +++ b/crypto/aead.c @@ -61,8 +61,10 @@ int crypto_aead_setkey(struct crypto_aea else err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); - if (err) + if (unlikely(err)) { + crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY); return err; + } crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0;