mirror of
https://github.com/torvalds/linux.git
synced 2026-05-12 16:18:45 +02:00
crypto: krb5enc - fix async decrypt skipping hash verification
krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher
callback, which is the caller's own completion handler. When the
skcipher completes asynchronously, this signals "done" to the caller
without executing krb5enc_dispatch_decrypt_hash(), completely bypassing
the integrity verification (hash check).
Compare with the encrypt path which correctly uses
krb5enc_encrypt_done as an intermediate callback to chain into the
hash computation on async completion.
Fix by adding krb5enc_decrypt_done as an intermediate callback that
chains into krb5enc_dispatch_decrypt_hash() upon async skcipher
completion, matching the encrypt path's callback pattern.
Also fix EBUSY/EINPROGRESS handling throughout: remove
krb5enc_request_complete() which incorrectly swallowed EINPROGRESS
notifications that must be passed up to callers waiting on backlogged
requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done
for the dispatch_encrypt return value.
Fixes: d1775a177f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm")
Signed-off-by: Dudu Lu <phx0fer@gmail.com>
Unset MAY_BACKLOG on the async completion path so the user won't
see back-to-back EINPROGRESS notifications.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Dudu Lu
Herbert Xu
parent
5aa58c3a57
commit
3bfbf5f0a9
|
|
@ -39,12 +39,6 @@ struct krb5enc_request_ctx {
|
|||
char tail[];
|
||||
};
|
||||
|
||||
static void krb5enc_request_complete(struct aead_request *req, int err)
|
||||
{
|
||||
if (err != -EINPROGRESS)
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
/**
|
||||
* crypto_krb5enc_extractkeys - Extract Ke and Ki keys from the key blob.
|
||||
* @keys: Where to put the key sizes and pointers
|
||||
|
|
@ -127,7 +121,7 @@ static void krb5enc_encrypt_done(void *data, int err)
|
|||
{
|
||||
struct aead_request *req = data;
|
||||
|
||||
krb5enc_request_complete(req, err);
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -188,14 +182,16 @@ static void krb5enc_encrypt_ahash_done(void *data, int err)
|
|||
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
|
||||
|
||||
if (err)
|
||||
return krb5enc_request_complete(req, err);
|
||||
goto out;
|
||||
|
||||
krb5enc_insert_checksum(req, ahreq->result);
|
||||
|
||||
err = krb5enc_dispatch_encrypt(req,
|
||||
aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP);
|
||||
if (err != -EINPROGRESS)
|
||||
aead_request_complete(req, err);
|
||||
err = krb5enc_dispatch_encrypt(req, 0);
|
||||
if (err == -EINPROGRESS)
|
||||
return;
|
||||
|
||||
out:
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -265,17 +261,16 @@ static void krb5enc_decrypt_hash_done(void *data, int err)
|
|||
{
|
||||
struct aead_request *req = data;
|
||||
|
||||
if (err)
|
||||
return krb5enc_request_complete(req, err);
|
||||
|
||||
err = krb5enc_verify_hash(req);
|
||||
krb5enc_request_complete(req, err);
|
||||
if (!err)
|
||||
err = krb5enc_verify_hash(req);
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
/*
|
||||
* Dispatch the hashing of the plaintext after we've done the decryption.
|
||||
*/
|
||||
static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
|
||||
static int krb5enc_dispatch_decrypt_hash(struct aead_request *req,
|
||||
unsigned int flags)
|
||||
{
|
||||
struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
|
||||
struct aead_instance *inst = aead_alg_instance(krb5enc);
|
||||
|
|
@ -291,7 +286,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
|
|||
ahash_request_set_tfm(ahreq, auth);
|
||||
ahash_request_set_crypt(ahreq, req->dst, hash,
|
||||
req->assoclen + req->cryptlen - authsize);
|
||||
ahash_request_set_callback(ahreq, aead_request_flags(req),
|
||||
ahash_request_set_callback(ahreq, flags,
|
||||
krb5enc_decrypt_hash_done, req);
|
||||
|
||||
err = crypto_ahash_digest(ahreq);
|
||||
|
|
@ -301,6 +296,21 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
|
|||
return krb5enc_verify_hash(req);
|
||||
}
|
||||
|
||||
static void krb5enc_decrypt_done(void *data, int err)
|
||||
{
|
||||
struct aead_request *req = data;
|
||||
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
err = krb5enc_dispatch_decrypt_hash(req, 0);
|
||||
if (err == -EINPROGRESS)
|
||||
return;
|
||||
|
||||
out:
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
/*
|
||||
* Dispatch the decryption of the ciphertext.
|
||||
*/
|
||||
|
|
@ -324,7 +334,7 @@ static int krb5enc_dispatch_decrypt(struct aead_request *req)
|
|||
|
||||
skcipher_request_set_tfm(skreq, ctx->enc);
|
||||
skcipher_request_set_callback(skreq, aead_request_flags(req),
|
||||
req->base.complete, req->base.data);
|
||||
krb5enc_decrypt_done, req);
|
||||
skcipher_request_set_crypt(skreq, src, dst,
|
||||
req->cryptlen - authsize, req->iv);
|
||||
|
||||
|
|
@ -339,7 +349,7 @@ static int krb5enc_decrypt(struct aead_request *req)
|
|||
if (err < 0)
|
||||
return err;
|
||||
|
||||
return krb5enc_dispatch_decrypt_hash(req);
|
||||
return krb5enc_dispatch_decrypt_hash(req, aead_request_flags(req));
|
||||
}
|
||||
|
||||
static int krb5enc_init_tfm(struct crypto_aead *tfm)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user