crypto: skcipher - fix weak key check for lskciphers When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes self-test failures for ecb(des), as weak keys are not rejected anymore. Fix this. Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

commit: 7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6 [log] [tgz]
author: Eric Biggers <ebiggers@google.com> Thu Oct 12 22:56:13 2023 -0700
committer: Herbert Xu <herbert@gondor.apana.org.au> Fri Oct 20 13:39:26 2023 +0800
tree: 368d41914a5276acc8be1e2df006655e43b25e5f
parent: 5acab6eb592387191c1bb745ba9b815e1e076db5 [diff] [blame]
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index b9496dc..ac8b8c0 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c

@@ -621,7 +621,13 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
 	int err;
 
 	if (cipher->co.base.cra_type != &crypto_skcipher_type) {
-		err = crypto_lskcipher_setkey_sg(tfm, key, keylen);
+		struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
+
+		crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
+		crypto_lskcipher_set_flags(*ctx,
+					   crypto_skcipher_get_flags(tfm) &
+					   CRYPTO_TFM_REQ_MASK);
+		err = crypto_lskcipher_setkey(*ctx, key, keylen);
 		goto out;
 	}
commit	7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6	[log] [tgz]
author	Eric Biggers <ebiggers@google.com>	Thu Oct 12 22:56:13 2023 -0700
committer	Herbert Xu <herbert@gondor.apana.org.au>	Fri Oct 20 13:39:26 2023 +0800
tree	368d41914a5276acc8be1e2df006655e43b25e5f
parent	5acab6eb592387191c1bb745ba9b815e1e076db5 [diff] [blame]