pkey: Indicate old mkvp only if old and current mkvp are different

When the CCA master key is set twice with the same master key, then the old and the current master key are the same and thus the verification patterns are the same, too. The check to report if a secure key is currently wrapped by the old master key erroneously reports old mkvp in this case. Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
author: Ingo Franzki <ifranzki@linux.ibm.com> 2019-02-20 16:01:39 +0300
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> 2019-02-21 17:57:23 +0300
commit: ebb7c695d3bc7a4986b92edc8d9ef43491be183e (patch)
tree: cfca0bd73d64b92a6ece046a205a4c38b5406652 /drivers/s390
parent: 0ff06c44efeede4acd068847d3bf8cf894b6c664 (diff)
download: linux-ebb7c695d3bc7a4986b92edc8d9ef43491be183e.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 2f92bbed4bf6..3e85d665c572 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1079,7 +1079,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey,
 	rc = mkvp_cache_fetch(cardnr, domain, mkvp);
 	if (rc)
 		goto out;
-	if (t->mkvp == mkvp[1]) {
+	if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
 		DEBUG_DBG("%s secure key has old mkvp\n", __func__);
 		if (pattributes)
 			*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
author	Ingo Franzki <ifranzki@linux.ibm.com>	2019-02-20 16:01:39 +0300
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>	2019-02-21 17:57:23 +0300
commit	ebb7c695d3bc7a4986b92edc8d9ef43491be183e (patch)
tree	cfca0bd73d64b92a6ece046a205a4c38b5406652 /drivers/s390
parent	0ff06c44efeede4acd068847d3bf8cf894b6c664 (diff)
download	linux-ebb7c695d3bc7a4986b92edc8d9ef43491be183e.tar.xz