Commit 94fc2e0b authored by Herbert Xu's avatar Herbert Xu

crypto: hisilicon - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 270e21da
...@@ -365,20 +365,16 @@ static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm, ...@@ -365,20 +365,16 @@ static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm,
static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm, static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen) const u8 *key, unsigned int keylen)
{ {
if (keylen != DES_KEY_SIZE * 3) return unlikely(des3_verify_key(tfm, key)) ?:
return -EINVAL; sec_alg_skcipher_setkey(tfm, key, keylen,
return sec_alg_skcipher_setkey(tfm, key, keylen,
SEC_C_3DES_ECB_192_3KEY); SEC_C_3DES_ECB_192_3KEY);
} }
static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm, static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen) const u8 *key, unsigned int keylen)
{ {
if (keylen != DES3_EDE_KEY_SIZE) return unlikely(des3_verify_key(tfm, key)) ?:
return -EINVAL; sec_alg_skcipher_setkey(tfm, key, keylen,
return sec_alg_skcipher_setkey(tfm, key, keylen,
SEC_C_3DES_CBC_192_3KEY); SEC_C_3DES_CBC_192_3KEY);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment