diff options
author | Eric Biggers | 2019-01-18 22:48:00 -0800 |
---|---|---|
committer | Herbert Xu | 2019-01-25 18:41:52 +0800 |
commit | 231baecdef7a906579925ccf1bd45aa734f32320 (patch) | |
tree | d445c32fbb19c327331c8cc3d254d72a96ffa919 /crypto | |
parent | 37ebffff65b2321a9b51ae928851330154358f1d (diff) |
crypto: clarify name of WEAK_KEY request flag
CRYPTO_TFM_REQ_WEAK_KEY confuses newcomers to the crypto API because it
sounds like it is requesting a weak key. Actually, it is requesting
that weak keys be forbidden (for algorithms that have the notion of
"weak keys"; currently only DES and XTS do).
Also it is only one letter away from CRYPTO_TFM_RES_WEAK_KEY, with which
it can be easily confused. (This in fact happened in the UX500 driver,
though just in some debugging messages.)
Therefore, make the intent clear by renaming it to
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/des_generic.c | 4 | ||||
-rw-r--r-- | crypto/testmgr.c | 14 | ||||
-rw-r--r-- | crypto/testmgr.h | 4 |
3 files changed, 11 insertions, 11 deletions
diff --git a/crypto/des_generic.c b/crypto/des_generic.c index a71720544d11..1e6621665dd9 100644 --- a/crypto/des_generic.c +++ b/crypto/des_generic.c @@ -789,7 +789,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key, /* Expand to tmp */ ret = des_ekey(tmp, key); - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } @@ -866,7 +866,7 @@ int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key, if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && - (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e4f3f5f688e7..4ac3d22256c3 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -706,7 +706,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, crypto_aead_clear_flags(tfm, ~0); if (template[i].wk) - crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_aead_set_flags(tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); if (template[i].klen > MAX_KEYLEN) { pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", @@ -820,7 +821,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, crypto_aead_clear_flags(tfm, ~0); if (template[i].wk) - crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_aead_set_flags(tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); if (template[i].klen > MAX_KEYLEN) { pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", d, j, algo, template[i].klen, MAX_KEYLEN); @@ -1078,7 +1080,7 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, crypto_cipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_cipher_setkey(tfm, template[i].key, template[i].klen); @@ -1194,8 +1196,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_skcipher_set_flags(tfm, - CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_skcipher_setkey(tfm, template[i].key, template[i].klen); @@ -1265,8 +1266,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, j++; crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_skcipher_set_flags(tfm, - CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_skcipher_setkey(tfm, template[i].key, template[i].klen); diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 95297240b0f1..d8f6035c7ff2 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -50,7 +50,7 @@ struct hash_testvec { * @ctext: Pointer to ciphertext * @len: Length of @ptext and @ctext in bytes * @fail: If set to one, the test need to fail - * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY + * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * ( e.g. test needs to fail due to a weak key ) * @np: numbers of SG to distribute data in (from 1 to MAX_TAP) * @tap: How to distribute data in @np SGs @@ -91,7 +91,7 @@ struct cipher_testvec { * @anp: Numbers of SG to distribute assoc data in * @fail: setkey() failure expected? * @novrfy: Decryption verification failure expected? - * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY? + * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * (e.g. setkey() needs to fail due to a weak key) * @klen: Length of @key in bytes * @plen: Length of @ptext in bytes |