Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala: Hi Srikanth, In general: you are using the ablkcipher API. I think it is on its way out and being replaced with skcipher. Maybe it makes sense to replace it here too. It could be as simple as s/ ablkcipher/skcipher/g > +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher > *cipher, > + int aes_keylen, const u8 *key, > + unsigned int keylen) > +{ > + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); > + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); > + struct flexi_crypto_context *fctx; > + enum flexi_cipher cipher_type; > + const char *name; > + > + name = crypto_tfm_alg_name(tfm); > + cipher_type = flexi_cipher_type(name); > + if (cipher_type == CIPHER_INVALID) { > + pr_err("unsupported cipher: %s\n", name); > + return -EINVAL; > + } > + > + /* fill crypto context */ > + fctx = inst->u.fctx; > + fctx->flags = 0; > + fctx->w0.cipher_type = cipher_type; > + fctx->w0.aes_keylen = aes_keylen; > + fctx->w0.iv_source = IV_FROM_DPTR; > + fctx->flags = cpu_to_be64(*(u64 *)&fctx->w0); > + /* copy the key to context */ > + memcpy(fctx->crypto.u.key, key, keylen); Could you help me finding the location where this memory is zeroized upon release? > + > + return 0; > +} > + > +static int nitrox_3des_setkey(struct crypto_ablkcipher *cipher, const u8 > *key, + unsigned int keylen) > +{ > + if (keylen != DES3_EDE_KEY_SIZE) { > + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); > + return -EINVAL; > + } Please import the check from __des3_ede_setkey (or better, extract that key check into a generic function like xts_check_key). Ciao Stephan