The cipher registered as __driver-gcm-aes-aesni is never intended
to be used directly by any caller. Instead it is a service mechanism to
rfc4106-gcm-aesni.
The kernel crypto API unconditionally calls the registered setkey
function. In case a caller erroneously uses __driver-gcm-aes-aesni a
call to crypto_aead_setkey will cause a NULL pointer dereference without
this patch.
CC: Tadeusz Struk <tadeusz.st...@intel.com>
Signed-off-by: Stephan Mueller <smuel...@chronox.de>
---
arch/x86/crypto/aesni-intel_glue.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/crypto/aesni-intel_glue.c
b/arch/x86/crypto/aesni-intel_glue.c
index 947c6bf..a278ef9 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -1012,6 +1012,16 @@ static int rfc4106_decrypt(struct aead_request *req)
}
}
+static int __driver_rfc4106_set_key(struct crypto_aead *parent,
+ const u8 *key, unsigned int key_len)
+{
+ /*
+ * __driver-gcm-aes-aesni is only a backend for rfc4106-gcm-aesni
+ * and is never intended to be used as a regular cipher.
+ */
+ return -EOPNOTSUPP;
+}
+
static int __driver_rfc4106_encrypt(struct aead_request *req)
{
u8 one_entry_in_sg = 0;
@@ -1366,6 +1376,7 @@ static struct crypto_alg aesni_algs[] = { {
.cra_module = THIS_MODULE,
.cra_u = {
.aead = {
+ .setkey = __driver_rfc4106_set_key,
.encrypt = __driver_rfc4106_encrypt,
.decrypt = __driver_rfc4106_decrypt,
},
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
