On Thu, 27 Jun 2019 at 15:26, Horia Geanta <horia.geanta@xxxxxxx> wrote: > > On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: > > @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, > > static int des_skcipher_setkey(struct crypto_skcipher *skcipher, > > const u8 *key, unsigned int keylen) > > { > > - u32 tmp[DES3_EDE_EXPKEY_WORDS]; > > - struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher); > > + int err; > > > > - if (keylen == DES3_EDE_KEY_SIZE && > > - __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) { > > - return -EINVAL; > > - } > > + err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key); > > + if (unlikely(err)) > > + return err; > > > > - if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) & > > - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { > > - crypto_skcipher_set_flags(skcipher, > > - CRYPTO_TFM_RES_WEAK_KEY); > > - return -EINVAL; > > - } > > + return skcipher_setkey(skcipher, key, keylen); > > This would be a bit more compact: > > return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?: > skcipher_setkey(skcipher, key, keylen); > > and could be used in most places. > > Actually here: > > > @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, > > static int des3_skcipher_setkey(struct crypto_skcipher *skcipher, > > const u8 *key, unsigned int keylen) > > { > > - return unlikely(des3_verify_key(skcipher, key)) ?: > > - skcipher_setkey(skcipher, key, keylen); > > + int err; > > + > > + err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key); > > + if (unlikely(err)) > > + return err; > > + > > + return skcipher_setkey(skcipher, key, keylen); > > } > > this pattern is already used, only the verification function > has to be replaced. > OK, got it.