crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set

While its a slightly insane to bypass the key1 == key2 || key2 == key3 check in triple-des, since it reduces it to the same strength as des, some folks do need to do this from time to time for backwards compatibility with des. My own case is FIPS CAVS test vectors. Many triple-des test vectors use a single key, replicated 3x. In order to get the expected results, des3_ede_setkey() needs to only reject weak keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set. Also sets a more appropriate RES flag when a weak key is found. Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Jarod Wilson <jarod@redhat.com> 2008-12-17 16:51:13 +1100
committer: Herbert Xu <herbert@gondor.apana.org.au> 2008-12-25 11:02:28 +1100
commit: ad79cdd77fc1466e45cf923890f66bcfe7c43f12 (patch)
tree: 21bb847be8e5250de2d0976dc6b3185023b10f4d
parent: bd9d20dba182ce4541b16b083eccd30fb252b9f4 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e4580f99..5bd3ee345a6 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
 	u32 *flags = &tfm->crt_flags;
 
 	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
-		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
 	{
-		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
+		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
 		return -EINVAL;
 	}
author	Jarod Wilson <jarod@redhat.com>	2008-12-17 16:51:13 +1100
committer	Herbert Xu <herbert@gondor.apana.org.au>	2008-12-25 11:02:28 +1100
commit	ad79cdd77fc1466e45cf923890f66bcfe7c43f12 (patch)
tree	21bb847be8e5250de2d0976dc6b3185023b10f4d
parent	bd9d20dba182ce4541b16b083eccd30fb252b9f4 (diff)