crypto: inside-secure - Forbid 2-key 3DES in FIPS mode
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>hifive-unleashed-5.2
parent
94fc2e0be0
commit
67ac62bf3d
|
@ -1039,13 +1039,12 @@ static int safexcel_cbc_des3_ede_decrypt(struct skcipher_request *req)
|
||||||
static int safexcel_des3_ede_setkey(struct crypto_skcipher *ctfm,
|
static int safexcel_des3_ede_setkey(struct crypto_skcipher *ctfm,
|
||||||
const u8 *key, unsigned int len)
|
const u8 *key, unsigned int len)
|
||||||
{
|
{
|
||||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
|
struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
|
||||||
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
|
int err;
|
||||||
|
|
||||||
if (len != DES3_EDE_KEY_SIZE) {
|
err = des3_verify_key(ctfm, key);
|
||||||
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
if (unlikely(err))
|
||||||
return -EINVAL;
|
return err;
|
||||||
}
|
|
||||||
|
|
||||||
/* if context exits and key changed, need to invalidate it */
|
/* if context exits and key changed, need to invalidate it */
|
||||||
if (ctx->base.ctxr_dma) {
|
if (ctx->base.ctxr_dma) {
|
||||||
|
|
Loading…
Reference in New Issue