On 5/6/2019 11:06 AM, Horia Geanta wrote:
On 5/6/2019 9:40 AM, Herbert Xu wrote:
On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
The detection whether DKP (Derived Key Protocol) is used relies on the setkey callback. Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" (for 3DES weak key checking), the logic has to be updated - otherwise the DMA mapping direction is incorrect (leading to faults in case caam is behind an IOMMU).
Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") Signed-off-by: Horia Geantă horia.geanta@nxp.com
This issue was noticed when testing with previously submitted IOMMU support: https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&st...
Thanks for catching this Horia!
My preference would be to encode this logic separately rather than relying on the setkey test. How about this patch?
This is probably more reliable.
---8<--- The detection for DKP (Derived Key Protocol) relied on the value of the setkey function. This was broken by the recent change which added des3_aead_setkey.
This patch fixes this by introducing a new flag for DKP and setting that where needed.
Reported-by: Horia Geantă horia.geanta@nxp.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au
Tested-by: Horia Geantă horia.geanta@nxp.com
Unfortunately the commit message dropped the tag provided in v1: Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d upstream) but should also be queued up for 5.1.y.
Thanks, Horia