projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 94fc2e0)
crypto: inside-secure - Forbid 2-key 3DES in FIPS mode
authorHerbert Xu <herbert@gondor.apana.org.au>
Thu, 11 Apr 2019 08:51:10 +0000 (16:51 +0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Thu, 18 Apr 2019 14:15:00 +0000 (22:15 +0800)
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/inside-secure/safexcel_cipher.c patch | blob | history

diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 7ef30a98cb24b102ba1a83448a1943261487380f..de4be10b172f9a7a16fc2ececa1e0efb0351a112 100644 (file)
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -1039,13 +1039,12 @@ static int safexcel_cbc_des3_ede_decrypt(struct skcipher_request *req)
 static int safexcel_des3_ede_setkey(struct crypto_skcipher *ctfm,
                                   const u8 *key, unsigned int len)
 {
-       struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
-       struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+       struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
+       int err;
 
-       if (len != DES3_EDE_KEY_SIZE) {
-               crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
-               return -EINVAL;
-       }
+       err = des3_verify_key(ctfm, key);
+       if (unlikely(err))
+               return err;
 
        /* if context exits and key changed, need to invalidate it */
        if (ctx->base.ctxr_dma) {
John Crispins staging tree