s390/zcrypt: Fix CCA cipher key gen with clear key value function

commit 94dd3bada53ee77b80d0aeee5571eeb83654d156 upstream. Regression tests showed that the CCA cipher key function which generates an CCA cipher key with given clear key value does not work correctly. At parsing the reply CPRB two limits are wrong calculated resulting in rejecting the reply as invalid with s390dbf message "_ip_cprb_helper reply with invalid or unknown key block". Fixes: f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") Cc: Stable <stable@vger.kernel.org> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-12-20 09:06:09 +01:00 · 2019-12-20 09:06:09 +01:00 · 8f4bf0ea79
commit 8f4bf0ea79
parent ce285ef8ef
1 changed files with 2 additions and 2 deletions
--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@ -1037,8 +1037,8 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain,
 	prepparm = (struct iprepparm *) prepcblk->rpl_parmb;

 	/* do some plausibility checks on the key block */
-	if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) ||
-	    prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) {
+	if (prepparm->kb.len < 120 + 3 * sizeof(uint16_t) ||
+	    prepparm->kb.len > 136 + 3 * sizeof(uint16_t)) {
 		DEBUG_ERR("%s reply with invalid or unknown key block\n",
 			  __func__);
 		rc = -EIO;