Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala:
Hi Srikanth,
In general: you are using the ablkcipher API. I think it is on its way out and
being replaced with skcipher.
Maybe it makes sense to replace it here too. It could be as simple as s/
ablkcipher/skcipher/g
> +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher
> *cipher,
> + int aes_keylen, const u8 *key,
> + unsigned int keylen)
> +{
> + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
> + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm);
> + struct flexi_crypto_context *fctx;
> + enum flexi_cipher cipher_type;
> + const char *name;
> +
> + name = crypto_tfm_alg_name(tfm);
> + cipher_type = flexi_cipher_type(name);
> + if (cipher_type == CIPHER_INVALID) {
> + pr_err("unsupported cipher: %s\n", name);
> + return -EINVAL;
> + }
> +
> + /* fill crypto context */
> + fctx = inst->u.fctx;
> + fctx->flags = 0;
> + fctx->w0.cipher_type = cipher_type;
> + fctx->w0.aes_keylen = aes_keylen;
> + fctx->w0.iv_source = IV_FROM_DPTR;
> + fctx->flags = cpu_to_be64(*(u64 *)&fctx->w0);
> + /* copy the key to context */
> + memcpy(fctx->crypto.u.key, key, keylen);
Could you help me finding the location where this memory is zeroized upon
release?
> +
> + return 0;
> +}�
> +
> +static int nitrox_3des_setkey(struct crypto_ablkcipher *cipher, const u8
> *key, + unsigned int keylen)
> +{
> + if (keylen != DES3_EDE_KEY_SIZE) {
> + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
> + return -EINVAL;
> + }
Please import the check from __des3_ede_setkey (or better, extract that key
check into a generic function like xts_check_key).
Ciao
Stephan
