Skip to content

Commit

Permalink
pkey: Indicate old mkvp only if old and current mkvp are different
Browse files Browse the repository at this point in the history
When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus the
verification patterns are the same, too. The check to report if a
secure key is currently wrapped by the old master key erroneously
reports old mkvp in this case.

Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
  • Loading branch information
Ingo Franzki authored and Martin Schwidefsky committed Feb 21, 2019
1 parent 0ff06c4 commit ebb7c69
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/s390/crypto/pkey_api.c
Original file line number Diff line number Diff line change
Expand Up @@ -1079,7 +1079,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey,
rc = mkvp_cache_fetch(cardnr, domain, mkvp);
if (rc)
goto out;
if (t->mkvp == mkvp[1]) {
if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
DEBUG_DBG("%s secure key has old mkvp\n", __func__);
if (pattributes)
*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
Expand Down

0 comments on commit ebb7c69

Please sign in to comment.