crypto: seqiv - Ensure that IV size is at least 8 bytes
author Herbert Xu <herbert@gondor.apana.org.au>
Fri, 16 Jan 2015 08:51:20 +0000 (19:51 +1100)
committer Herbert Xu <herbert@gondor.apana.org.au>
Tue, 20 Jan 2015 03:44:16 +0000 (14:44 +1100)
Since seqiv is designed for IPsec we need to be able to accommodate
the whole IPsec sequence number in order to ensure the uniqueness
of the IV.

This patch forbids any algorithm with an IV size of less than 8
from using it.  This should have no impact on existing users since
they all have an IV size of 8.

Reported-by: Maciej Żenczykowski <zenczykowski@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Maciej Żenczykowski <zenczykowski@gmail.com>
crypto/seqiv.c

index 9daa854cc485b61e97eb7b25ead68da14a47ce88..b7bb9a2f4a31c095d7a39fe1762d9a2ad88f06cf 100644 (file)
@@ -267,6 +267,12 @@ static struct crypto_instance *seqiv_ablkcipher_alloc(struct rtattr **tb)
        if (IS_ERR(inst))
                goto out;
 
+       if (inst->alg.cra_ablkcipher.ivsize < sizeof(u64)) {
+               skcipher_geniv_free(inst);
+               inst = ERR_PTR(-EINVAL);
+               goto out;
+       }
+
        inst->alg.cra_ablkcipher.givencrypt = seqiv_givencrypt_first;
 
        inst->alg.cra_init = seqiv_init;
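
Review bot: the new ivsize < sizeof(u64) test in seqiv_ablkcipher_alloc() has no comment saying why 8 bytes is the floor; the reason (the IV has to hold the whole IPsec sequence number so that it stays unique) is recorded only in the commit message. A one-line comment above the check would keep that rationale next to the code, so a later reader does not relax the bound without knowing what it protects. The error path itself reads correctly: the instance is released with skcipher_geniv_free() before inst is overwritten with ERR_PTR(-EINVAL), so nothing is leaked on rejection.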
@@ -287,6 +293,12 @@ static struct crypto_instance *seqiv_aead_alloc(struct rtattr **tb)
        if (IS_ERR(inst))
                goto out;
 
+       if (inst->alg.cra_aead.ivsize < sizeof(u64)) {
+               aead_geniv_free(inst);
+               inst = ERR_PTR(-EINVAL);
+               goto out;
+       }
+
        inst->alg.cra_aead.givencrypt = seqiv_aead_givencrypt_first;
 
        inst->alg.cra_init = seqiv_aead_init;
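
Review bot: the check added to seqiv_aead_alloc() is a copy of the one in seqiv_ablkcipher_alloc(), differing only in the field (cra_aead.ivsize) and the free call (aead_geniv_free), so the minimum is now stated twice as a bare sizeof(u64). A single named minimum used by both checks would keep the two paths from drifting apart if the bound is ever revisited. Rejection is also silent: the caller only sees -EINVAL, which does not tell it that the IV size was the cause, so a note in the seqiv documentation or a comment at this spot about the 8-byte requirement would help anyone whose instantiation starts failing.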