crypto: marvell - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c
index fb279b3a1ca134e24fd2aa0225281c79cf5f10a2..2fd936b19c6d96a8a9296c571b99911eb9d5c673 100644 (file)
--- a/drivers/crypto/marvell/cipher.c
+++ b/drivers/crypto/marvell/cipher.c
@@ -299,13 +299,12 @@ static int mv_cesa_des_setkey(struct crypto_skcipher *cipher, const u8 *key,
 static int mv_cesa_des3_ede_setkey(struct crypto_skcipher *cipher,
                                   const u8 *key, unsigned int len)
 {
-       struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher);
-       struct mv_cesa_des_ctx *ctx = crypto_tfm_ctx(tfm);
+       struct mv_cesa_des_ctx *ctx = crypto_skcipher_ctx(cipher);
+       int err;
 
-       if (len != DES3_EDE_KEY_SIZE) {
-               crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
-               return -EINVAL;
-       }
+       err = des3_verify_key(cipher, key);
+       if (unlikely(err))
+               return err;
 
        memcpy(ctx->key, key, DES3_EDE_KEY_SIZE);