| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180906225854.40989-2-keescook@chromium.org>
Date: Thu, 6 Sep 2018 15:58:51 -0700
From: Kees Cook <keescook@...omium.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Kees Cook <keescook@...omium.org>,
Eric Biggers <ebiggers@...gle.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Gilad Ben-Yossef <gilad@...yossef.com>,
Alexander Stein <alexander.stein@...tec-electronic.com>,
Antoine Tenart <antoine.tenart@...tlin.com>,
Boris Brezillon <boris.brezillon@...tlin.com>,
Arnaud Ebalard <arno@...isbad.org>,
Corentin Labbe <clabbe.montjoie@...il.com>,
Maxime Ripard <maxime.ripard@...tlin.com>,
Chen-Yu Tsai <wens@...e.org>,
Christian Lamparter <chunkeey@...il.com>,
Philippe Ombredanne <pombredanne@...b.com>,
Jonathan Cameron <Jonathan.Cameron@...wei.com>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org
Subject: [PATCH v2 1/4] crypto: skcipher - Consolidate encrypt/decrypt sanity check
In preparation to adding additional sanity checks before running an
skcipher request, this consolidates the open-coded checks into a single
function. Instead of passing both req and tfm into the new check this
just returns the tfm on success and an ERR_PTR on failure, keeping things
as clean as possible.
Signed-off-by: Kees Cook <keescook@...omium.org>
---
include/crypto/skcipher.h | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 2f327f090c3e..6e954d398e0f 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -422,6 +422,27 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm(
return __crypto_skcipher_cast(req->base.tfm);
}
+/**
+ * crypto_skcipher_reqtfm_check() - obtain and check cipher handle from request
+ * @req: skcipher_request out of which the cipher handle is to be obtained
+ *
+ * Return the crypto_skcipher handle when furnishing an skcipher_request
+ * data structure. Check for error conditions that would make it unusable
+ * for an encrypt/decrypt call.
+ *
+ * Return: crypto_skcipher handle, or ERR_PTR on error.
+ */
+static inline struct crypto_skcipher *crypto_skcipher_reqtfm_check(
+ struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+
+ if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+ return ERR_PTR(-ENOKEY);
+
+ return tfm;
+}
+
/**
* crypto_skcipher_encrypt() - encrypt plaintext
* @req: reference to the skcipher_request handle that holds all information
@@ -435,10 +456,10 @@ static inline struct crypto_skcipher *crypto_skcipher_reqtfm(
*/
static inline int crypto_skcipher_encrypt(struct skcipher_request *req)
{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm_check(req);
- if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
- return -ENOKEY;
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
return tfm->encrypt(req);
}
@@ -456,10 +477,10 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req)
*/
static inline int crypto_skcipher_decrypt(struct skcipher_request *req)
{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm_check(req);
- if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
- return -ENOKEY;
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
return tfm->decrypt(req);
}
--
2.17.1
Powered by blists - more mailing lists