Commit dd0d2f4

jason-rodrijallisonciq
authored and committed
Partial revert of "In essiv_aead_setkey(), use the same logic as crypto_authenc_esn_setkey() to zeroize keys on exit."
LE-3197 A bug was introduced while updating the kernel per atsec’s request. When key zeroization was added, setting the crypto algorithm key was removed in error. This re-adds the code to set the crypto key.

Tested under non-FIPS and FIPS mode.

NB. This bug only causes the algorithm to be unusable and an error message returned to users. No corruption or insecure algorithm use is allowed.

[Sultan: touched up the commit message with what Jeremy wrote]

Signed-off-by: Jason Rodriguez <[email protected]>
Signed-off-by: Jeremy Allison <[email protected]>
Signed-off-by: Sultan Alsawaf <[email protected]>
1 parent 47d6528 commit dd0d2f4

crypto/essiv.c

Lines changed: 3 additions & 1 deletion
@@ -119,9 +119,11 @@ static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key,
119119
crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
120120
crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) &
121121
CRYPTO_TFM_REQ_MASK);
122+
err = crypto_cipher_setkey(tctx->essiv_cipher, salt,
123+
crypto_shash_digestsize(tctx->hash));
122124
out:
123125
memzero_explicit(&keys, sizeof(keys));
124-
return err;
126+
return err;
125127
}
126128

127129
static int essiv_aead_setauthsize(struct crypto_aead *tfm,
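
Review bot: at `out:` only `keys` is wiped with `memzero_explicit()`, while `salt`, which the re-added `crypto_cipher_setkey()` call passes as the key for `tctx->essiv_cipher`, is not cleared anywhere in the lines shown. If `salt` is a local buffer in `essiv_aead_setkey()`, it holds key material for the ESSIV cipher and should be zeroized on the same exit path, for example with a `memzero_explicit(salt, sizeof(salt));` next to the existing wipe, so that the zeroization this function was changed for covers every secret it handles. Separately, the `-`/`+` pair on `return err;` appears to differ only in whitespace; if so, drop it from the patch so the fix is limited to the two added lines, or note the whitespace cleanup in the commit message. Given that the previous change removed the setkey call without being caught, a comment above the re-added call stating that the ESSIV cipher must be keyed before `out:` would help guard against the same regression.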
