On Thu, 27 Jun 2019 at 16:50, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > On Thu, 27 Jun 2019 at 16:44, Horia Geanta <horia.geanta@xxxxxxx> wrote: > > > > On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: > > > n my effort to remove crypto_alloc_cipher() invocations from non-crypto > > > code, i ran into a DES call in the CIFS driver. This is addressed in > > > patch #30. > > > > > > The other patches are cleanups for the quirky DES interface, and lots > > > of duplication of the weak key checks etc. > > > > > > Changes since vpub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/fixes1/RFC: > > > - fix build errors in various drivers that i failed to catch in my > > > initial testing > > > - put all caam changes into the correct patch > > > - fix weak key handling error flagged by the self tests, as reported > > > by Eric. > > I am seeing a similar (?) issue: > > alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101 > > > > crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY, > > while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector). > > > > I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY. > > > > Yes, but I tried to keep handling of the crypto_tfm flags out of the > library interface. > > I will try to find a way to solve this cleanly. Actually, it should be as simple as diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h index dfe5e8f92270..522c09c08002 100644 --- a/include/crypto/internal/des.h +++ b/include/crypto/internal/des.h @@ -27,10 +27,12 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key) int err; err = des_expand_key(&tmp, key, DES_KEY_SIZE); - if (err == -ENOKEY && - !(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) - err = 0; - + if (err == -ENOKEY) { + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) + err = -EINVAL; + else + err = 0; + } if (err) crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);