On 5/6/2019 11:06 AM, Horia Geanta wrote:
> On 5/6/2019 9:40 AM, Herbert Xu wrote:
>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>>> The detection whether DKP (Derived Key Protocol) is used relies on
>>> the setkey callback.
>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>>> (for 3DES weak key checking), the logic has to be updated - otherwise
>>> the DMA mapping direction is incorrect (leading to faults in case caam
>>> is behind an IOMMU).
>>>
>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>> Signed-off-by: Horia Geantă <horia.geanta@xxxxxxx>
>>> ---
>>>
>>> This issue was noticed when testing with previously submitted IOMMU support:
>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
>>
>> Thanks for catching this Horia!
>>
>> My preference would be to encode this logic separately rather than
>> relying on the setkey test. How about this patch?
>>
> This is probably more reliable.
>
>> ---8<---
>> The detection for DKP (Derived Key Protocol) relied on the value
>> of the setkey function. This was broken by the recent change which
>> added des3_aead_setkey.
>>
>> This patch fixes this by introducing a new flag for DKP and setting
>> that where needed.
>>
>> Reported-by: Horia Geantă <horia.geanta@xxxxxxx>
>> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Tested-by: Horia Geantă <horia.geanta@xxxxxxx>
>
Unfortunately the commit message dropped the tag provided in v1:
Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
upstream) but should also be queued up for 5.1.y.
Thanks,
Horia
