crypto: hisilicon - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. It also removes a couple of unnecessary key length checks that are already performed by the crypto API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: hisilicon - Forbid 2-key 3DES in FIPS mode
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. It also removes a couple of unnecessary key length checks that are already performed by the crypto API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
94fc2e0b · Herbert Xu · 270e21da · 94fc2e0b
Commit 94fc2e0b authored Apr 11, 2019 by Herbert Xu
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 8 deletions

drivers/crypto/hisilicon/sec/sec_algs.c drivers/crypto/hisilicon/sec/sec_algs.c +4 -8

No files found.
--- a/drivers/crypto/hisilicon/sec/sec_algs.c
+++ b/drivers/crypto/hisilicon/sec/sec_algs.c
@@ -365,20 +365,16 @@ static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm,
 static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
 					    const u8 *key, unsigned int keylen)
 {
-	if (keylen != DES_KEY_SIZE * 3)
+	return unlikely(des3_verify_key(tfm, key)) ?:
-		return -EINVAL;
+	       sec_alg_skcipher_setkey(tfm, key, keylen,
-	return sec_alg_skcipher_setkey(tfm, key, keylen,
 				       SEC_C_3DES_ECB_192_3KEY);
 }
 static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
 					    const u8 *key, unsigned int keylen)
 {
-	if (keylen != DES3_EDE_KEY_SIZE)
+	return unlikely(des3_verify_key(tfm, key)) ?:
-		return -EINVAL;
+	       sec_alg_skcipher_setkey(tfm, key, keylen,
-	return sec_alg_skcipher_setkey(tfm, key, keylen,
 				       SEC_C_3DES_CBC_192_3KEY);
 }