| Message ID | 8714658.CDJkKcVGEf@positron.chronox.de (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | Add KDF implementations to crypto API | expand |
On Sun, Jan 24, 2021 at 03:04:50PM +0100, Stephan Müller wrote: > The clearing of the OKM memory buffer in case of an error is already > performed by the HKDF implementation crypto_hkdf_expand. Thus, the > code clearing is not needed any more in the file system code base. > > Signed-off-by: Stephan Mueller <smueller@chronox.de> > --- > fs/crypto/hkdf.c | 9 +++------ > 1 file changed, 3 insertions(+), 6 deletions(-) > > diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c > index ae236b42b1f0..c48dd8ca3a46 100644 > --- a/fs/crypto/hkdf.c > +++ b/fs/crypto/hkdf.c > @@ -102,13 +102,10 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, > .iov_base = (u8 *)info, > .iov_len = infolen, > } }; > - int err = crypto_hkdf_expand(hkdf->hmac_tfm, > - info_iov, ARRAY_SIZE(info_iov), > - okm, okmlen); > > - if (unlikely(err)) > - memzero_explicit(okm, okmlen); /* so caller doesn't need to */ > - return err; > + return crypto_hkdf_expand(hkdf->hmac_tfm, > + info_iov, ARRAY_SIZE(info_iov), > + okm, okmlen); > } > Shoudn't this just be folded into the previous patch, which converted fscrypt_hkdf_expand() to use crypto_hkdf_expand() in the first place? - Eric
diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c index ae236b42b1f0..c48dd8ca3a46 100644 --- a/fs/crypto/hkdf.c +++ b/fs/crypto/hkdf.c @@ -102,13 +102,10 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, .iov_base = (u8 *)info, .iov_len = infolen, } }; - int err = crypto_hkdf_expand(hkdf->hmac_tfm, - info_iov, ARRAY_SIZE(info_iov), - okm, okmlen); - if (unlikely(err)) - memzero_explicit(okm, okmlen); /* so caller doesn't need to */ - return err; + return crypto_hkdf_expand(hkdf->hmac_tfm, + info_iov, ARRAY_SIZE(info_iov), + okm, okmlen); } void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf)
The clearing of the OKM memory buffer in case of an error is already performed by the HKDF implementation crypto_hkdf_expand. Thus, the code clearing is not needed any more in the file system code base. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- fs/crypto/hkdf.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)