crypto: aead - Avoid infinite loop when nivaead fails selftest
authorHerbert Xu <herbert@gondor.apana.org.au>
Wed, 18 Feb 2009 12:41:47 +0000 (20:41 +0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Wed, 18 Feb 2009 13:21:24 +0000 (21:21 +0800)
When an aead constructed through crypto_nivaead_default fails
its selftest, we'll loop forever trying to construct new aead
objects but failing because it already exists.

The crux of the issue is that once an aead fails the selftest,
we'll ignore it on the next run through crypto_aead_lookup and
attempt to construct a new aead.

We should instead return an error to the caller if we find an
an that has failed the test.

This bug hasn't manifested itself yet because we don't have any
test vectors for the existing nivaead algorithms.  They're tested
through the underlying algorithms only.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/aead.c

index 3a6f3f52c7c71911ac6cd7506493fb24ccd8eb50..d9aa733db1647b51c1eea32de4840dc21cd9659d 100644 (file)
@@ -422,6 +422,22 @@ static struct crypto_alg *crypto_lookup_aead(const char *name, u32 type,
        if (!alg->cra_aead.ivsize)
                return alg;
 
+       crypto_mod_put(alg);
+       alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED,
+                                   mask & ~CRYPTO_ALG_TESTED);
+       if (IS_ERR(alg))
+               return alg;
+
+       if (alg->cra_type == &crypto_aead_type) {
+               if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
+                       crypto_mod_put(alg);
+                       alg = ERR_PTR(-ENOENT);
+               }
+               return alg;
+       }
+
+       BUG_ON(!alg->cra_aead.ivsize);
+
        return ERR_PTR(crypto_nivaead_default(alg, type, mask));
 }