On Thu, 27 Jun 2019 at 15:26, Horia Geanta <horia.geanta@xxxxxxx> wrote:
>
> On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
> > @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> > static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
> > const u8 *key, unsigned int keylen)
> > {
> > - u32 tmp[DES3_EDE_EXPKEY_WORDS];
> > - struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
> > + int err;
> >
> > - if (keylen == DES3_EDE_KEY_SIZE &&
> > - __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
> > - return -EINVAL;
> > - }
> > + err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
> > + if (unlikely(err))
> > + return err;
> >
> > - if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
> > - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> > - crypto_skcipher_set_flags(skcipher,
> > - CRYPTO_TFM_RES_WEAK_KEY);
> > - return -EINVAL;
> > - }
> > + return skcipher_setkey(skcipher, key, keylen);
>
> This would be a bit more compact:
>
> return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?:
> skcipher_setkey(skcipher, key, keylen);
>
> and could be used in most places.
>
> Actually here:
>
> > @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> > static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
> > const u8 *key, unsigned int keylen)
> > {
> > - return unlikely(des3_verify_key(skcipher, key)) ?:
> > - skcipher_setkey(skcipher, key, keylen);
> > + int err;
> > +
> > + err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
> > + if (unlikely(err))
> > + return err;
> > +
> > + return skcipher_setkey(skcipher, key, keylen);
> > }
>
> this pattern is already used, only the verification function
> has to be replaced.
>
OK, got it.
