crypto: hisilicon - Forbid 2-key 3DES in FIPS mode
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. It also removes a couple of unnecessary key length checks that are already performed by the crypto API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
@@ -365,20 +365,16 @@ static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm,
|
|||||||
static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
|
static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
|
||||||
const u8 *key, unsigned int keylen)
|
const u8 *key, unsigned int keylen)
|
||||||
{
|
{
|
||||||
if (keylen != DES_KEY_SIZE * 3)
|
return unlikely(des3_verify_key(tfm, key)) ?:
|
||||||
return -EINVAL;
|
sec_alg_skcipher_setkey(tfm, key, keylen,
|
||||||
|
|
||||||
return sec_alg_skcipher_setkey(tfm, key, keylen,
|
|
||||||
SEC_C_3DES_ECB_192_3KEY);
|
SEC_C_3DES_ECB_192_3KEY);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
|
static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
|
||||||
const u8 *key, unsigned int keylen)
|
const u8 *key, unsigned int keylen)
|
||||||
{
|
{
|
||||||
if (keylen != DES3_EDE_KEY_SIZE)
|
return unlikely(des3_verify_key(tfm, key)) ?:
|
||||||
return -EINVAL;
|
sec_alg_skcipher_setkey(tfm, key, keylen,
|
||||||
|
|
||||||
return sec_alg_skcipher_setkey(tfm, key, keylen,
|
|
||||||
SEC_C_3DES_CBC_192_3KEY);
|
SEC_C_3DES_CBC_192_3KEY);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user