• Jarod Wilson's avatar
    crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set · ad79cdd7
    Jarod Wilson authored
    While its a slightly insane to bypass the key1 == key2 ||
    key2 == key3 check in triple-des, since it reduces it to the
    same strength as des, some folks do need to do this from time
    to time for backwards compatibility with des.
    My own case is FIPS CAVS test vectors. Many triple-des test
    vectors use a single key, replicated 3x. In order to get the
    expected results, des3_ede_setkey() needs to only reject weak
    keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.
    Also sets a more appropriate RES flag when a weak key is found.
    Signed-off-by: 's avatarJarod Wilson <jarod@redhat.com>
    Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
des_generic.c 35.4 KB