diff options
author | Stephan Mueller <smueller@chronox.de> | 2016-02-09 15:37:47 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2016-02-17 04:07:51 +0800 |
commit | 28856a9e52c7cac712af6c143de04766617535dc (patch) | |
tree | 4ee6c79e76f8eadc0148bfeb09fd146c9d53fabf /crypto/xts.c | |
parent | 730d02e27670fa5b6a55778d11023c5897d87d57 (diff) | |
download | linux-stable-28856a9e52c7cac712af6c143de04766617535dc.tar.gz linux-stable-28856a9e52c7cac712af6c143de04766617535dc.tar.bz2 linux-stable-28856a9e52c7cac712af6c143de04766617535dc.zip |
crypto: xts - consolidate sanity check for keys
The patch centralizes the XTS key check logic into the service function
xts_check_key which is invoked from the different XTS implementations.
With this, the XTS implementations in ARM, ARM64, PPC and S390 have now
a sanity check for the XTS keys similar to the other arches.
In addition, this service function received a check to ensure that the
key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the
check is not present in the standards defining XTS, it is only enforced
in FIPS mode of the kernel.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/xts.c')
-rw-r--r-- | crypto/xts.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/crypto/xts.c b/crypto/xts.c index f6fd43f100c8..26ba5833b994 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -35,16 +35,11 @@ static int setkey(struct crypto_tfm *parent, const u8 *key, { struct priv *ctx = crypto_tfm_ctx(parent); struct crypto_cipher *child = ctx->tweak; - u32 *flags = &parent->crt_flags; int err; - /* key consists of keys of equal size concatenated, therefore - * the length must be even */ - if (keylen % 2) { - /* tell the user why there was an error */ - *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; - return -EINVAL; - } + err = xts_check_key(parent, key, keylen); + if (err) + return err; /* we need two cipher instances: one to compute the initial 'tweak' * by encrypting the IV (usually the 'plain' iv) and the other |