Commit ebb7c695 authored by Ingo Franzki's avatar Ingo Franzki Committed by Martin Schwidefsky

pkey: Indicate old mkvp only if old and current mkvp are different

When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus the
verification patterns are the same, too. The check to report if a
secure key is currently wrapped by the old master key erroneously
reports old mkvp in this case.
Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Signed-off-by: default avatarIngo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent 0ff06c44
...@@ -1079,7 +1079,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey, ...@@ -1079,7 +1079,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey,
rc = mkvp_cache_fetch(cardnr, domain, mkvp); rc = mkvp_cache_fetch(cardnr, domain, mkvp);
if (rc) if (rc)
goto out; goto out;
if (t->mkvp == mkvp[1]) { if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
DEBUG_DBG("%s secure key has old mkvp\n", __func__); DEBUG_DBG("%s secure key has old mkvp\n", __func__);
if (pattributes) if (pattributes)
*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP; *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment