eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 03:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix kernel crypto backend to set key before accept call even for HMAC.

Browse Source
This commit is contained in:
Milan Broz
2016-01-04 14:19:50 +01:00
parent 229497871d
commit 4dc88e8ffb
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/crypto_backend/crypto_kernel.c
View File

@@ -68,7 +68,8 @@ struct crypt_hmac {
int hash_len; int hash_len;
}; };
static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd) static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
const void *key, size_t key_length)
{ {
*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (*tfmfd < 0) if (*tfmfd < 0)
@@ -80,6 +81,12 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op
return -ENOENT; return -ENOENT;
} }
if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
close(*tfmfd);
*tfmfd = -1;
return -EINVAL;
}
*opfd = accept(*tfmfd, NULL, 0); *opfd = accept(*tfmfd, NULL, 0);
if (*opfd < 0) { if (*opfd < 0) {
close(*tfmfd); close(*tfmfd);
@@ -106,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux")) if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
return -EINVAL; return -EINVAL;
if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0) if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
return -EINVAL; return -EINVAL;
close(tfmfd); close(tfmfd);
@@ -171,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name)); strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) { if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
free(h); free(h);
return -EINVAL; return -EINVAL;
} }
@@ -246,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
"hmac(%s)", ha->kernel_name); "hmac(%s)", ha->kernel_name);
if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) { if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
free(h); free(h);
return -EINVAL; return -EINVAL;
} }
if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
crypt_hmac_destroy(h);
return -EINVAL;
}
*ctx = h; *ctx = h;
return 0; return 0;
} }