diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2019-04-11 16:51:04 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-04-18 22:14:59 +0800 |
commit | 19291691b02f320e1dc4ea15856d61244b4315da (patch) | |
tree | 4ca3fd24a69e634d3115b940d1b3ee75b72f53d2 /drivers/crypto/cavium | |
parent | 3b2de7247f45e1e6ffc617172afdbe047bb860c6 (diff) | |
download | lwn-19291691b02f320e1dc4ea15856d61244b4315da.tar.gz lwn-19291691b02f320e1dc4ea15856d61244b4315da.zip |
crypto: nitrox - Forbid 2-key 3DES in FIPS mode
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/cavium')
-rw-r--r-- | drivers/crypto/cavium/nitrox/nitrox_skcipher.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c index d4935d6cefdd..7e4a5e69085e 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c +++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c @@ -257,12 +257,8 @@ static int nitrox_aes_decrypt(struct skcipher_request *skreq) static int nitrox_3des_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - if (keylen != DES3_EDE_KEY_SIZE) { - crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - - return nitrox_skcipher_setkey(cipher, 0, key, keylen); + return unlikely(des3_verify_key(cipher, key)) ?: + nitrox_skcipher_setkey(cipher, 0, key, keylen); } static int nitrox_3des_encrypt(struct skcipher_request *skreq) |