summaryrefslogtreecommitdiff
path: root/drivers/crypto/cavium
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2019-04-11 16:51:04 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2019-04-18 22:14:59 +0800
commit19291691b02f320e1dc4ea15856d61244b4315da (patch)
tree4ca3fd24a69e634d3115b940d1b3ee75b72f53d2 /drivers/crypto/cavium
parent3b2de7247f45e1e6ffc617172afdbe047bb860c6 (diff)
downloadlwn-19291691b02f320e1dc4ea15856d61244b4315da.tar.gz
lwn-19291691b02f320e1dc4ea15856d61244b4315da.zip
crypto: nitrox - Forbid 2-key 3DES in FIPS mode
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/cavium')
-rw-r--r--drivers/crypto/cavium/nitrox/nitrox_skcipher.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c
index d4935d6cefdd..7e4a5e69085e 100644
--- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c
@@ -257,12 +257,8 @@ static int nitrox_aes_decrypt(struct skcipher_request *skreq)
static int nitrox_3des_setkey(struct crypto_skcipher *cipher,
const u8 *key, unsigned int keylen)
{
- if (keylen != DES3_EDE_KEY_SIZE) {
- crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- return nitrox_skcipher_setkey(cipher, 0, key, keylen);
+ return unlikely(des3_verify_key(cipher, key)) ?:
+ nitrox_skcipher_setkey(cipher, 0, key, keylen);
}
static int nitrox_3des_encrypt(struct skcipher_request *skreq)