s390/zcrypt: Fix CCA cipher key gen with clear key value function

Regression tests showed that the CCA cipher key function which
generates an CCA cipher key with given clear key value does not work
correctly. At parsing the reply CPRB two limits are wrong calculated
resulting in rejecting the reply as invalid with s390dbf message
"_ip_cprb_helper reply with invalid or unknown key block".

Fixes: f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
index c1db64a2db21b92e4f44b475a828a8357a097206..110fe9d0cb91090b4879021a81c24e86f4a8fa59 100644 (file)
--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -1037,8 +1037,8 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain,
        prepparm = (struct iprepparm *) prepcblk->rpl_parmb;
 
        /* do some plausibility checks on the key block */
-       if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) ||
-           prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) {
+       if (prepparm->kb.len < 120 + 3 * sizeof(uint16_t) ||
+           prepparm->kb.len > 136 + 3 * sizeof(uint16_t)) {
                DEBUG_ERR("%s reply with invalid or unknown key block\n",
                          __func__);
                rc = -EIO;