This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/crypto/hisilicon/sec/sec_algs.c |   12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/hisilicon/sec/sec_algs.c 
b/drivers/crypto/hisilicon/sec/sec_algs.c
index adc0cd8ae97b..02768af0dccd 100644
--- a/drivers/crypto/hisilicon/sec/sec_algs.c
+++ b/drivers/crypto/hisilicon/sec/sec_algs.c
@@ -365,20 +365,16 @@ static int sec_alg_skcipher_setkey_des_cbc(struct 
crypto_skcipher *tfm,
 static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
                                            const u8 *key, unsigned int keylen)
 {
-       if (keylen != DES_KEY_SIZE * 3)
-               return -EINVAL;
-
-       return sec_alg_skcipher_setkey(tfm, key, keylen,
+       return unlikely(des3_verify_key(tfm, key)) ?:
+              sec_alg_skcipher_setkey(tfm, key, keylen,
                                       SEC_C_3DES_ECB_192_3KEY);
 }
 
 static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
                                            const u8 *key, unsigned int keylen)
 {
-       if (keylen != DES3_EDE_KEY_SIZE)
-               return -EINVAL;
-
-       return sec_alg_skcipher_setkey(tfm, key, keylen,
+       return unlikely(des3_verify_key(tfm, key)) ?:
+              sec_alg_skcipher_setkey(tfm, key, keylen,
                                       SEC_C_3DES_CBC_192_3KEY);
 }
 

Reply via email to