[PATCH] crypto: caam - fix DKP detection logic

[PATCH] crypto: caam - fix DKP detection logic

[Horia Geantă]

The detection whether DKP (Derived Key Protocol) is used relies on
the setkey callback.
Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
(for 3DES weak key checking), the logic has to be updated - otherwise
the DMA mapping direction is incorrect (leading to faults in case caam
is behind an IOMMU).

Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
---

This issue was noticed when testing with previously submitted IOMMU support:
https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*

 drivers/crypto/caam/caamalg.c     | 3 ++-
 drivers/crypto/caam/caamalg_qi.c  | 3 ++-
 drivers/crypto/caam/caamalg_qi2.c | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 0030cee3e75d..015fca99d867 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -3418,7 +3418,8 @@ static int caam_aead_init(struct crypto_aead *tfm)
 	struct caam_ctx *ctx = crypto_aead_ctx(tfm);
 
 	return caam_init_common(ctx, &caam_alg->caam,
-				alg->setkey == aead_setkey);
+				alg->setkey == aead_setkey ||
+				alg->setkey == des3_aead_setkey);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 70af211d2d01..4d98f5664d3e 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -2434,7 +2434,8 @@ static int caam_aead_init(struct crypto_aead *tfm)
 	struct caam_ctx *ctx = crypto_aead_ctx(tfm);
 
 	return caam_init_common(ctx, &caam_alg->caam,
-				alg->setkey == aead_setkey);
+				alg->setkey == aead_setkey ||
+				alg->setkey == des3_aead_setkey);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 33a4df6b81de..5977e615ff10 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1480,7 +1480,8 @@ static int caam_cra_init_aead(struct crypto_aead *tfm)
 
 	crypto_aead_set_reqsize(tfm, sizeof(struct caam_request));
 	return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam,
-			     alg->setkey == aead_setkey);
+			     alg->setkey == aead_setkey ||
+			     alg->setkey == des3_aead_setkey);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
-- 
2.17.1

[v2 PATCH] crypto: caam - fix DKP detection logic

[Herbert Xu]

On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
> The detection whether DKP (Derived Key Protocol) is used relies on
> the setkey callback.
> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
> (for 3DES weak key checking), the logic has to be updated - otherwise
> the DMA mapping direction is incorrect (leading to faults in case caam
> is behind an IOMMU).
> 
> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> ---
> 
> This issue was noticed when testing with previously submitted IOMMU support:
> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*

Thanks for catching this Horia!

My preference would be to encode this logic separately rather than
relying on the setkey test.  How about this patch?

---8<---
The detection for DKP (Derived Key Protocol) relied on the value
of the setkey function.  This was broken by the recent change which
added des3_aead_setkey.

This patch fixes this by introducing a new flag for DKP and setting
that where needed.

Reported-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 3e23d4b2cce2..c0ece44f303b 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -89,6 +89,7 @@ struct caam_alg_entry {
 	int class2_alg_type;
 	bool rfc3686;
 	bool geniv;
+	bool nodkp;
 };
 
 struct caam_aead_alg {
@@ -2052,6 +2053,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	{
@@ -2070,6 +2072,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	/* Galois Counter Mode */
@@ -2089,6 +2092,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	/* single-pass ipsec_esp descriptor */
@@ -3334,6 +3338,7 @@ static struct caam_aead_alg driver_aeads[] = {
 					   OP_ALG_AAI_AEAD,
 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
 					   OP_ALG_AAI_AEAD,
+			.nodkp = true,
 		},
 	},
 	{
@@ -3356,6 +3361,7 @@ static struct caam_aead_alg driver_aeads[] = {
 					   OP_ALG_AAI_AEAD,
 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
 					   OP_ALG_AAI_AEAD,
+			.nodkp = true,
 		},
 	},
 };
@@ -3417,8 +3423,7 @@ static int caam_aead_init(struct crypto_aead *tfm)
 		 container_of(alg, struct caam_aead_alg, aead);
 	struct caam_ctx *ctx = crypto_aead_ctx(tfm);
 
-	return caam_init_common(ctx, &caam_alg->caam,
-				alg->setkey == aead_setkey);
+	return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 70af211d2d01..d290d6b41825 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -36,6 +36,7 @@ struct caam_alg_entry {
 	int class2_alg_type;
 	bool rfc3686;
 	bool geniv;
+	bool nodkp;
 };
 
 struct caam_aead_alg {
@@ -1523,6 +1524,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	{
@@ -1541,6 +1543,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	/* Galois Counter Mode */
@@ -1560,6 +1563,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		}
 	},
 	/* single-pass ipsec_esp descriptor */
@@ -2433,8 +2437,7 @@ static int caam_aead_init(struct crypto_aead *tfm)
 						      aead);
 	struct caam_ctx *ctx = crypto_aead_ctx(tfm);
 
-	return caam_init_common(ctx, &caam_alg->caam,
-				alg->setkey == aead_setkey);
+	return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 33a4df6b81de..2b2980a8a9b9 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -42,6 +42,7 @@ struct caam_alg_entry {
 	int class2_alg_type;
 	bool rfc3686;
 	bool geniv;
+	bool nodkp;
 };
 
 struct caam_aead_alg {
@@ -1480,7 +1481,7 @@ static int caam_cra_init_aead(struct crypto_aead *tfm)
 
 	crypto_aead_set_reqsize(tfm, sizeof(struct caam_request));
 	return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam,
-			     alg->setkey == aead_setkey);
+			     !caam_alg->caam.nodkp);
 }
 
 static void caam_exit_common(struct caam_ctx *ctx)
@@ -1641,6 +1642,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	{
@@ -1659,6 +1661,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		},
 	},
 	/* Galois Counter Mode */
@@ -1678,6 +1681,7 @@ static struct caam_aead_alg driver_aeads[] = {
 		},
 		.caam = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
+			.nodkp = true,
 		}
 	},
 	/* single-pass ipsec_esp descriptor */
@@ -2755,6 +2759,7 @@ static struct caam_aead_alg driver_aeads[] = {
 					   OP_ALG_AAI_AEAD,
 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
 					   OP_ALG_AAI_AEAD,
+			.nodkp = true,
 		},
 	},
 	{
@@ -2777,6 +2782,7 @@ static struct caam_aead_alg driver_aeads[] = {
 					   OP_ALG_AAI_AEAD,
 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
 					   OP_ALG_AAI_AEAD,
+			.nodkp = true,
 		},
 	},
 	{
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Horia Geanta]

On 5/6/2019 9:40 AM, Herbert Xu wrote:
> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>> The detection whether DKP (Derived Key Protocol) is used relies on
>> the setkey callback.
>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>> (for 3DES weak key checking), the logic has to be updated - otherwise
>> the DMA mapping direction is incorrect (leading to faults in case caam
>> is behind an IOMMU).
>>
>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
>> ---
>>
>> This issue was noticed when testing with previously submitted IOMMU support:
>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
> 
> Thanks for catching this Horia!
> 
> My preference would be to encode this logic separately rather than
> relying on the setkey test.  How about this patch?
> 
This is probably more reliable.

> ---8<---
> The detection for DKP (Derived Key Protocol) relied on the value
> of the setkey function.  This was broken by the recent change which
> added des3_aead_setkey.
> 
> This patch fixes this by introducing a new flag for DKP and setting
> that where needed.
> 
> Reported-by: Horia Geantă <horia.geanta@nxp.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Horia Geantă <horia.geanta@nxp.com>

Thanks,
Horia

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Horia Geanta]

On 5/6/2019 11:06 AM, Horia Geanta wrote:
> On 5/6/2019 9:40 AM, Herbert Xu wrote:
>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>>> The detection whether DKP (Derived Key Protocol) is used relies on
>>> the setkey callback.
>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>>> (for 3DES weak key checking), the logic has to be updated - otherwise
>>> the DMA mapping direction is incorrect (leading to faults in case caam
>>> is behind an IOMMU).
>>>
>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
>>> ---
>>>
>>> This issue was noticed when testing with previously submitted IOMMU support:
>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
>>
>> Thanks for catching this Horia!
>>
>> My preference would be to encode this logic separately rather than
>> relying on the setkey test.  How about this patch?
>>
> This is probably more reliable.
> 
>> ---8<---
>> The detection for DKP (Derived Key Protocol) relied on the value
>> of the setkey function.  This was broken by the recent change which
>> added des3_aead_setkey.
>>
>> This patch fixes this by introducing a new flag for DKP and setting
>> that where needed.
>>
>> Reported-by: Horia Geantă <horia.geanta@nxp.com>
>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> Tested-by: Horia Geantă <horia.geanta@nxp.com>
> 
Unfortunately the commit message dropped the tag provided in v1:
Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")

This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
upstream) but should also be queued up for 5.1.y.

Thanks,
Horia

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Greg Kroah-Hartman]

On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote:
> On 5/6/2019 11:06 AM, Horia Geanta wrote:
> > On 5/6/2019 9:40 AM, Herbert Xu wrote:
> >> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
> >>> The detection whether DKP (Derived Key Protocol) is used relies on
> >>> the setkey callback.
> >>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
> >>> (for 3DES weak key checking), the logic has to be updated - otherwise
> >>> the DMA mapping direction is incorrect (leading to faults in case caam
> >>> is behind an IOMMU).
> >>>
> >>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> >>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> >>> ---
> >>>
> >>> This issue was noticed when testing with previously submitted IOMMU support:
> >>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
> >>
> >> Thanks for catching this Horia!
> >>
> >> My preference would be to encode this logic separately rather than
> >> relying on the setkey test.  How about this patch?
> >>
> > This is probably more reliable.
> > 
> >> ---8<---
> >> The detection for DKP (Derived Key Protocol) relied on the value
> >> of the setkey function.  This was broken by the recent change which
> >> added des3_aead_setkey.
> >>
> >> This patch fixes this by introducing a new flag for DKP and setting
> >> that where needed.
> >>
> >> Reported-by: Horia Geantă <horia.geanta@nxp.com>
> >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> > Tested-by: Horia Geantă <horia.geanta@nxp.com>
> > 
> Unfortunately the commit message dropped the tag provided in v1:
> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> 
> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
> upstream) but should also be queued up for 5.1.y.

I do not understand, sorry.  What exact patches need to be applied to
5.1.y?

thanks,

greg k-h

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Horia Geanta]

On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote:
> On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote:
>> On 5/6/2019 11:06 AM, Horia Geanta wrote:
>>> On 5/6/2019 9:40 AM, Herbert Xu wrote:
>>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>>>>> The detection whether DKP (Derived Key Protocol) is used relies on
>>>>> the setkey callback.
>>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>>>>> (for 3DES weak key checking), the logic has to be updated - otherwise
>>>>> the DMA mapping direction is incorrect (leading to faults in case caam
>>>>> is behind an IOMMU).
>>>>>
>>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
>>>>> ---
>>>>>
>>>>> This issue was noticed when testing with previously submitted IOMMU support:
>>>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
>>>>
>>>> Thanks for catching this Horia!
>>>>
>>>> My preference would be to encode this logic separately rather than
>>>> relying on the setkey test.  How about this patch?
>>>>
>>> This is probably more reliable.
>>>
>>>> ---8<---
>>>> The detection for DKP (Derived Key Protocol) relied on the value
>>>> of the setkey function.  This was broken by the recent change which
>>>> added des3_aead_setkey.
>>>>
>>>> This patch fixes this by introducing a new flag for DKP and setting
>>>> that where needed.
>>>>
>>>> Reported-by: Horia Geantă <horia.geanta@nxp.com>
>>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>>> Tested-by: Horia Geantă <horia.geanta@nxp.com>
>>>
>> Unfortunately the commit message dropped the tag provided in v1:
>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>
>> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
>> upstream) but should also be queued up for 5.1.y.
> 
> I do not understand, sorry.  What exact patches need to be applied to
> 5.1.y?
> 
Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic").

Thanks,
Horia

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Greg Kroah-Hartman]

On Mon, Jun 03, 2019 at 08:10:15AM +0000, Horia Geanta wrote:
> On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote:
> > On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote:
> >> On 5/6/2019 11:06 AM, Horia Geanta wrote:
> >>> On 5/6/2019 9:40 AM, Herbert Xu wrote:
> >>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
> >>>>> The detection whether DKP (Derived Key Protocol) is used relies on
> >>>>> the setkey callback.
> >>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
> >>>>> (for 3DES weak key checking), the logic has to be updated - otherwise
> >>>>> the DMA mapping direction is incorrect (leading to faults in case caam
> >>>>> is behind an IOMMU).
> >>>>>
> >>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> >>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> >>>>> ---
> >>>>>
> >>>>> This issue was noticed when testing with previously submitted IOMMU support:
> >>>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
> >>>>
> >>>> Thanks for catching this Horia!
> >>>>
> >>>> My preference would be to encode this logic separately rather than
> >>>> relying on the setkey test.  How about this patch?
> >>>>
> >>> This is probably more reliable.
> >>>
> >>>> ---8<---
> >>>> The detection for DKP (Derived Key Protocol) relied on the value
> >>>> of the setkey function.  This was broken by the recent change which
> >>>> added des3_aead_setkey.
> >>>>
> >>>> This patch fixes this by introducing a new flag for DKP and setting
> >>>> that where needed.
> >>>>
> >>>> Reported-by: Horia Geantă <horia.geanta@nxp.com>
> >>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> >>> Tested-by: Horia Geantă <horia.geanta@nxp.com>
> >>>
> >> Unfortunately the commit message dropped the tag provided in v1:
> >> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> >>
> >> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
> >> upstream) but should also be queued up for 5.1.y.
> > 
> > I do not understand, sorry.  What exact patches need to be applied to
> > 5.1.y?
> > 
> Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic").

But that commit says:
	Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
which is only contained in 5.2-rc1, so why would I want to apply the
first one to 5.1.y?

Still confused,

greg k-h

Re: [v2 PATCH] crypto: caam - fix DKP detection logic

[Horia Geanta]

On 6/3/2019 11:43 AM, Greg Kroah-Hartman wrote:
> On Mon, Jun 03, 2019 at 08:10:15AM +0000, Horia Geanta wrote:
>> On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote:
>>> On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote:
>>>> On 5/6/2019 11:06 AM, Horia Geanta wrote:
>>>>> On 5/6/2019 9:40 AM, Herbert Xu wrote:
>>>>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>>>>>>> The detection whether DKP (Derived Key Protocol) is used relies on
>>>>>>> the setkey callback.
>>>>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>>>>>>> (for 3DES weak key checking), the logic has to be updated - otherwise
>>>>>>> the DMA mapping direction is incorrect (leading to faults in case caam
>>>>>>> is behind an IOMMU).
>>>>>>>
>>>>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>>>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
>>>>>>> ---
>>>>>>>
>>>>>>> This issue was noticed when testing with previously submitted IOMMU support:
>>>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.kernel.org%2Fproject%2Flinux-crypto%2Flist%2F%3Fseries%3D110277%26state%3D*&amp;data=02%7C01%7Choria.geanta%40nxp.com%7C0531d21296e1471cd12708d6e7ff7ed1%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636951481867509241&amp;sdata=vpeK41WQcINZTn4REHwk1Zgh5kIwPJNqiB75sT3ABV0%3D&amp;reserved=0
>>>>>>
>>>>>> Thanks for catching this Horia!
>>>>>>
>>>>>> My preference would be to encode this logic separately rather than
>>>>>> relying on the setkey test.  How about this patch?
>>>>>>
>>>>> This is probably more reliable.
>>>>>
>>>>>> ---8<---
>>>>>> The detection for DKP (Derived Key Protocol) relied on the value
>>>>>> of the setkey function.  This was broken by the recent change which
>>>>>> added des3_aead_setkey.
>>>>>>
>>>>>> This patch fixes this by introducing a new flag for DKP and setting
>>>>>> that where needed.
>>>>>>
>>>>>> Reported-by: Horia Geantă <horia.geanta@nxp.com>
>>>>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>>>>> Tested-by: Horia Geantă <horia.geanta@nxp.com>
>>>>>
>>>> Unfortunately the commit message dropped the tag provided in v1:
>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>>>
>>>> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
>>>> upstream) but should also be queued up for 5.1.y.
>>>
>>> I do not understand, sorry.  What exact patches need to be applied to
>>> 5.1.y?
>>>
>> Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic").
> 
> But that commit says:
> 	Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
> which is only contained in 5.2-rc1, so why would I want to apply the
> first one to 5.1.y?
> 
Sorry, my bad.

I've looked at the failing kernel version: 5.1.0-09365-g8ea5b2abd07e
and seeing that commit 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS
mode") is in the tree, concluded it was delivered in 5.1 and would need the fix.

Please disregard the request.

Thanks,
Horia