On Fri, Jun 28, 2019 at 11:35:26AM +0200, Ard Biesheuvel wrote:
>
> static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
> unsigned int keylen)
> {
> struct des_ctx *dctx = crypto_tfm_ctx(tfm);
> - u32 *flags = &tfm->crt_flags;
> - u32 tmp[DES_EXPKEY_WORDS];
> - int ret;
> -
> - /* Expand to tmp */
> - ret = des_ekey(tmp, key);
> + int err;
>
> - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> - *flags |= CRYPTO_TFM_RES_WEAK_KEY;
> - return -EINVAL;
> + err = des_expand_key(dctx, key, keylen);
> + if (err == -ENOKEY) {
> + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
> + err = -EINVAL;
> + else
> + err = 0;
> }
>
> - /* Copy to output */
> - memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
> -
> - return 0;
> + if (err) {
> + memzero_explicit(dctx, sizeof(*dctx));
This should use memset as it's not a stack location. Ditto with
the 3DES version below. It may not look like a big deal but we
sometimes get bogus patches that convert such memsets to memzeros
and being consistent with our own usage might discourage them.
Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
